NFTBridge
60,000 USDC
Submission Details
Severity: low
Invalid

Redundant mapping update in set_l1_l2_collection_mapping function

Summary

Redundant mapping update in set_l1_l2_collection_mapping function.

Vulnerability Details

The set_l1_l2_collection_mapping function allows redundant updates to the L1-L2 address mappings. The function does not check if the new mapping values are identical to the existing ones before performing write operations.

fn set_l1_l2_collection_mapping(ref self: ContractState, collection_l1: EthAddress, collection_l2: ContractAddress) {
    ensure_is_admin(@self);
    self.l1_to_l2_addresses.write(collection_l1, collection_l2);
    self.l2_to_l1_addresses.write(collection_l2, collection_l1);
}

https://github.com/Cyfrin/2024-07-ark-project/blob/273b7b94986d3914d5ee737c99a59ec8728b1517/apps/blockchain/starknet/src/bridge.cairo#L360C6-L364C10

Impact

This issue results in unnecessary gas consumption when the function is called with parameters that match the existing mappings.

Tools Used

Manual review

Recommendations

Implement a check to compare the new mapping values with the existing ones before performing write operations. Only update the mappings if there's an actual change.

fn set_l1_l2_collection_mapping(ref self: ContractState, collection_l1: EthAddress, collection_l2: ContractAddress) {
    ensure_is_admin(@self);
    let current_l2 = self.l1_to_l2_addresses.read(collection_l1);
    let current_l1 = self.l2_to_l1_addresses.read(collection_l2);
    // Write only when at least one direction of the mapping actually changes.
    if current_l2 != collection_l2 || current_l1 != collection_l1 {
        self.l1_to_l2_addresses.write(collection_l1, collection_l2);
        self.l2_to_l1_addresses.write(collection_l2, collection_l1);
    }
}

Updates

Lead Judging Commences

n0kto Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational / Gas

Please, do not suppose impacts, think about the real impact of the bug and check the CodeHawks documentation to confirm: https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity A PoC always helps to understand the real impact possible.
