Salt is used as argument instead of being random generated and nonce is not used as well
Summary
The salt in both L1 and L2 is being passed as argument which defeats its purpose. It should represent random generated data everytime so the hash is always diffrent and it makes sure that there will be no collisions. Also the nonce is not used as well which is an important part when creating a hash
Vulnerability Details
Here is the depositTokens() function from Bridge.sol (the same applies for the deposit_tokens() on L2)
As we can see the hash is passed as argument instead of being randomly generated, also it is missing nonce which will assure the uniqueness of the hash
Impact
Low because there are other factors in the hash such as owner and ids which will make a collision's likelihood very low
Tools Used
Manual review
Recommendations
The easiest way to fix this is by adding nonce to the hash
Lead Judging Commences
Informational / Gas
Please, do not suppose impacts, think about the real impact of the bug and check the CodeHawks documentation to confirm: https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity A PoC always helps to understand the real impact possible.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.