The setL1L2CollectionMapping function in the Bridge.sol contract does not check if the collectionL2 parameter, of type snaddress, is a valid felt value. This could potentially lead to issues if an invalid value is entered, even though the function is restricted to the contract owner. Similar issues in the previous audit were marked medium, but I am submitting this one as low because the function is restricted, so the likelihood is low, but the impact can be high.
Even though the function is restricted to the admin (trusted role), there is a risk that an invalid felt value could be entered for collectionL2, leading to potential operational issues or failures in the bridge functionality.
The current implementation of the function does not validate that collectionL2 is a valid felt value:
Without validation, if collectionL2 is not within the valid range for felt values, it can cause issues when interacting with StarkNet.
Add a validation check to ensure collectionL2 is within the valid range for felt values.
By adding this validation, the function will ensure that collectionL2 is always a valid felt value.
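The range check described in this finding, shown as an added example rather than code from Bridge.sol or the project's repository. The snaddress user-defined type, the function names, the mapping layout and the owner check are all assumptions made for illustration; only the field prime is a fixed fact of StarkNet (a felt is an integer in [0, p) with p = 2^251 + 17 * 2^192 + 1). The unchecked setter is the shape the finding describes, and the checked setter is the mitigation.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed stand-in for the bridge's snaddress type; the real definition
// in Bridge.sol may differ.
type snaddress is uint256;

library Felt252 {
    // StarkNet field prime p = 2^251 + 17 * 2^192 + 1.
    // Any uint256 >= p is not a representable felt and would be reduced
    // (or rejected) on the L2 side, so it must never be stored as an address.
    uint256 internal constant FIELD_PRIME = 2 ** 251 + 17 * 2 ** 192 + 1;

    function isValid(uint256 value) internal pure returns (bool) {
        return value < FIELD_PRIME;
    }
}

// Illustrative contract (assumption), not Bridge.sol itself.
contract CollectionMappingExample {
    error NotOwner();
    error InvalidL2Address(uint256 value);

    address public owner;
    // L1 collection address -> L2 collection address (felt)
    mapping(address => snaddress) public l1ToL2;

    constructor() {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    // Shape described by the finding: owner-only, but no felt range check.
    // A value >= FIELD_PRIME (for example type(uint256).max) is accepted
    // and silently stored as the L2 address.
    function setMappingUnchecked(address collectionL1, snaddress collectionL2)
        external
        onlyOwner
    {
        l1ToL2[collectionL1] = collectionL2;
    }

    // Mitigated form: reject anything outside [0, FIELD_PRIME) before storing.
    function setMappingChecked(address collectionL1, snaddress collectionL2)
        external
        onlyOwner
    {
        uint256 raw = snaddress.unwrap(collectionL2);
        if (!Felt252.isValid(raw)) revert InvalidL2Address(raw);
        l1ToL2[collectionL1] = collectionL2;
    }
}
```

A boundary test for the checked setter should accept FIELD_PRIME - 1 and revert with InvalidL2Address on FIELD_PRIME and on type(uint256).max; the unchecked setter accepts all three, which is the behaviour the finding reports.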
Please do not suppose impacts; think about the real impact of the bug and check the CodeHawks documentation to confirm: https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity A PoC always helps to understand the real impact possible.