Unprotected Ownership Functions
I reviewed the functions that control critical aspects of the bridge, such as enabling the whitelist and bridge, and managing collections. These functions were restricted to the contract owner, which is standard practice. However, I recognized the risk if ownership were ever compromised.
solution: I suggest implementing additional security measures, such as requiring multi-signature approvals for critical actions or introducing timelocks. These measures would ensure that even if the owner’s private key were compromised, an attacker would not be able to quickly and easily disrupt the bridge’s operation.
Location: ethereum/src/ IStarklane.sol
Issue: Functions like enableWhiteList, whiteList, and enableBridge are restricted to the contract owner. If the ownership is compromised, these functions could be misused to disrupt the bridge's operation.
impact: A compromised owner could disrupt the bridge's functionality, leading to asset loss or denial of service.
Tools used: Manual Review.
Recommendations: Consider implementing a multi-signature wallet for critical functions or add timelocks to prevent quick takeovers by compromised owners.
Potential changes: Consider using a multi-signature wallet or timelocks for critical ownership functions.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.