NFTBridge
60,000 USDC
Submission Details
Severity: medium
Invalid

Users suffer from DOS due to incorrect logical implementation.

Summary

Users suffer from DOS due to incorrect logical implementation.

Vulnerability Details

According to the protocol flow, users call `depositTokens()` to deposit tokens in escrow and initiate the transfer to Starknet.
But it will revert due to incorrect logical implementation.
```solidity
function depositTokens(
    uint256 salt,
    address collectionL1,
    snaddress ownerL2,
    uint256[] calldata ids,
    bool useAutoBurn
)
    external
    payable
{
    // ...
    _depositIntoEscrow(ctype, collectionL1, ids);
    // ...
}
```
`depositTokens()` calls `detectInterface()` of `TokenUtil.sol`.
```solidity
function detectInterface(
    address collection
)
    internal
    view
    returns (CollectionType)
{
@>  bool supportsERC721 = ERC165Checker.supportsInterface(
        collection,
        type(IERC721).interfaceId
    );
    // ...
@>  bool supportsERC1155 = ERC165Checker.supportsInterface(
        collection,
        type(IERC1155).interfaceId
    );
    // ...
}
```
But `supportsInterface()` of `ERC165Checker` is an internal function, and the `Bridge` contract does not inherit `ERC165Checker`.
So users suffer from DOS.

Impact

Users suffer from DOS due to incorrect logical implementation.

Tools Used

Manual Review

Recommendations

The `Bridge` contract should inherit the `ERC165Checker` contract.

Updates

Lead Judging Commences

n0kto Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
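
For reference when triaging reports like this one: OpenZeppelin's `ERC165Checker` is declared as a `library`, and in Solidity a library's `internal` functions are compiled into the calling contract and invoked as `Library.fn(...)` without any inheritance. The sketch below is an added example, not code from the audited project; `InterfaceProbe`, `BridgeSketch`, `Mock721` and the error name are hypothetical stand-ins.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed stand-in for an ERC-165 checker written as a library.
library InterfaceProbe {
    bytes4 private constant ERC165_ID = 0x01ffc9a7;  // supportsInterface(bytes4)
    bytes4 private constant INVALID_ID = 0xffffffff; // must be rejected per ERC-165

    // `internal`: the body is included in the caller's bytecode.
    function supportsInterface(address account, bytes4 id) internal view returns (bool) {
        return _query(account, ERC165_ID) && !_query(account, INVALID_ID) && _query(account, id);
    }

    // Gas-capped staticcall so a hostile or non-compliant target cannot
    // revert the caller; short or empty return data counts as "no".
    function _query(address account, bytes4 id) private view returns (bool) {
        (bool ok, bytes memory ret) = account.staticcall{gas: 30000}(
            abi.encodeWithSelector(ERC165_ID, id)
        );
        return ok && ret.length >= 32 && abi.decode(ret, (uint256)) != 0;
    }
}

enum CollectionType { ERC721, ERC1155 }

// Does not inherit anything, yet calls the library's internal function.
contract BridgeSketch {
    error UnsupportedTokenStandard(); // hypothetical error name

    function detectInterface(address collection) public view returns (CollectionType) {
        if (InterfaceProbe.supportsInterface(collection, 0x80ac58cd)) {
            return CollectionType.ERC721;  // IERC721 interface id
        }
        if (InterfaceProbe.supportsInterface(collection, 0xd9b67a26)) {
            return CollectionType.ERC1155; // IERC1155 interface id
        }
        revert UnsupportedTokenStandard();
    }
}

// Constructed test collection that advertises ERC-165 and ERC-721.
contract Mock721 {
    function supportsInterface(bytes4 id) external pure returns (bool) {
        return id == 0x01ffc9a7 || id == 0x80ac58cd;
    }
}
```

Deploying `Mock721` and passing its address to `BridgeSketch.detectInterface` returns `CollectionType.ERC721`; an address with no code reverts with `UnsupportedTokenStandard`.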
