NFTBridge
60,000 USDC
Submission Details
Severity: medium
Invalid

Contract `StarknetMessaging` can receive fees as ETH but they can't be withdrawn

Summary:

The `StarknetMessaging` contract has a `sendMessageToL2` function, which is `payable`. It is used to send a message to L2 (i.e. Starknet). A user must pay some ether when calling this function, as the fee for sending the message to L2. The problem is that the contract has no withdraw function, so the fees paid in stay stuck in the contract forever.

Vulnerability Details:

https://github.com/Cyfrin/2024-07-ark-project/blob/273b7b94986d3914d5ee737c99a59ec8728b1517/apps/blockchain/ethereum/lib/starknet/StarknetMessaging.sol#L126-L141

```solidity
// Excerpt from StarknetMessaging.sol (lines 126-141 at the linked commit).
function sendMessageToL2(
    uint256 toAddress,
    uint256 selector,
    uint256[] calldata payload
) external payable override returns (bytes32, uint256) {
    // The caller must attach a non-zero ETH fee, bounded by the configured maximum.
    require(msg.value > 0, "L1_MSG_FEE_MUST_BE_GREATER_THAN_0");
    require(msg.value <= getMaxL1MsgFee(), "MAX_L1_MSG_FEE_EXCEEDED");
    uint256 nonce = l1ToL2MessageNonce();
    NamedStorage.setUintValue(L1L2_MESSAGE_NONCE_TAG, nonce + 1);
    emit LogMessageToL2(msg.sender, toAddress, selector, payload, nonce, msg.value);
    bytes32 msgHash = getL1ToL2MsgHash(toAddress, selector, payload, nonce);
    // Note that the inclusion of the unique nonce in the message hash implies that
    // l1ToL2Messages()[msgHash] was not accessed before.
    // The fee is recorded per message; the ETH itself stays in the contract balance.
    l1ToL2Messages()[msgHash] = msg.value + 1;
    return (msgHash, nonce);
}
```

This function requires the user to pay a fee to successfully send a message to L2. But the accumulated fees cannot be withdrawn, because there is no withdraw function.

Impact:

The fees cannot be withdrawn, so they are stuck in the contract forever.

Tools Used:

Manual Code Review

Recommendations:

Add a withdraw function to the `StarknetMessaging` contract.
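The following is an added illustration of the recommended fix; it is not code from the ark-project repository or from Starknet's `StarknetMessaging.sol`. `FeeSink` keeps only the shape that matters here: a `payable` entry point with the same fee bounds as `sendMessageToL2` (non-zero, at most a cap), and the withdraw path the report says is missing. The contract, function, event and error names (`FeeSink`, `payFee`, `withdrawFees`, `FeesWithdrawn`, `governor`, `MAX_FEE`) are assumptions chosen for the example; the real contract tracks fees per message hash in `l1ToL2Messages()` rather than in a single counter.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added example contract (not part of the audited code base).
/// Demonstrates a payable fee sink together with the access-controlled
/// withdrawal that StarknetMessaging lacks according to the report above.
contract FeeSink {
    /// Address allowed to sweep accumulated fees (assumed governance role).
    address public immutable governor;
    /// Upper bound on a single fee, mirroring getMaxL1MsgFee() (value assumed).
    uint256 public constant MAX_FEE = 1 ether;
    /// Running total of fees paid in and not yet withdrawn.
    uint256 public feesAccrued;

    event FeePaid(address indexed payer, uint256 amount);
    event FeesWithdrawn(address indexed to, uint256 amount);

    error NotGovernor();
    error FeeOutOfRange();
    error TransferFailed();

    constructor(address _governor) {
        governor = _governor;
    }

    modifier onlyGovernor() {
        if (msg.sender != governor) revert NotGovernor();
        _;
    }

    /// Same invariants as sendMessageToL2: fee must be > 0 and <= the cap.
    /// Without a withdraw path, every wei received here would be locked.
    function payFee() external payable {
        if (msg.value == 0 || msg.value > MAX_FEE) revert FeeOutOfRange();
        feesAccrued += msg.value;
        emit FeePaid(msg.sender, msg.value);
    }

    /// The missing piece: governor-only sweep of accrued fees.
    /// State is zeroed before the external call (checks-effects-interactions),
    /// and `call` is used instead of `transfer` so a contract recipient is not
    /// limited to the 2300 gas stipend.
    function withdrawFees(address payable to) external onlyGovernor {
        uint256 amount = feesAccrued;
        feesAccrued = 0;
        (bool ok, ) = to.call{value: amount}("");
        if (!ok) revert TransferFailed();
        emit FeesWithdrawn(to, amount);
    }
}
```

Two design points carry over to any real fix: the withdraw function must be access-controlled, otherwise it converts locked funds into a theft vector, and the accounting it drains must not overlap with any balance the contract still owes to message senders (for example if cancelled messages are ever meant to be refunded), so sweep only what is genuinely fee revenue.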

Updates

Lead Judging Commences

n0kto Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Out of scope
