The L2 has no functionality like the L1, where a user can simply cancel his message and retrieve his tokens from the escrow, so he will simply lose them if the bridge gets disabled or his transaction cannot be processed.
There is no functionality in bridge.cairo which lets the user withdraw his tokens on L2 from the contract.
As we can see in the withdrawTokens() function in Bridge.sol, the bridge can be disabled and the transaction will keep reverting, so the user's tokens will not be bridged to L1. This means that the user's tokens will be stuck in the bridge for an unknown time.
If this happens on L1, it is not a problem, because the user can just cancel his message and retrieve his tokens from the escrow, but on L2 there is nothing he can do besides wait for the Bridge to be enabled again.
High, because a user will not be able to retrieve his tokens in case of emergency. They will just remain stuck in the bridge.
Manual review
Add functionality in bridge.cairo which allows the user to withdraw his tokens from the escrow in case the Bridge gets disabled.
Impact: Medium, token won’t be withdrawable until the bridge is enabled again. No real token loss. Likelihood: Low/Medium, bridge would be disabled in case of emergency/upgrade/audit.