Unsupported collections can be bridged incorrectly especially when the whitelist is disabled.
The mapping _l1ToL2Addresses
is responsible for storing the Starknet address of supported collections.
It is included in the Request
struct which is later serialized before sending it, as part of the payload
, on Starknet in Bridge:depositTokens()
:
However, the code doesn't properly handle the case when req.collectionL2 == 0
, which will result in the impossibility to mint the corresponding Nft on Starknet.
Unsupported Nft collections can be bridged but, since _l1ToL2Addresses
is't configured for them, they will fail on Starknet and the user must call cancelRequest()
in another transaction and wait days to get his Nfts back.
Note that this is more probable to occur when the whitelist is disabled, since it is expected that whitelisted collections are properly configured by the owner.
Manual review
Revert if req.collectionL2 == 0
to avoid bridging unsupported or not-properly-configured collections.
Additionally, I reccomend setting the _l1ToL2Addresses
for the collection inside whiteList()
to avoid misconfigurations.
Please, do not suppose impacts, think about the real impact of the bug and check the CodeHawks documentation to confirm: https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity A PoC always helps to understand the real impact possible.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.