NFTBridge
60,000 USDC
View results
Submission Details
Severity: low
Invalid

Potential Risk in White List Management

File: bridge.cairo

Summary

The white list management logic uses a linked list structure to handle collections. This logic might result in potential issues if the list is not carefully managed, especially when removing or adding elements. If the linked list is corrupted (e.g., due to a missing or incorrect update), it could lead to incorrect handling of white-listed collections, potentially allowing unauthorized collections to pass or blocking authorized ones.

Vulnerability Details

Assume that during the removal of an element from the white list, the contract fails to correctly update the head or tail of the list, resulting in a corrupted state. This could lead to an incorrect state where either unauthorized collections remain whitelisted or all collections become inaccessible.

Impact

Tools Used

Manual Review

Recommendations

Ensure that edge cases (e.g., empty list, single-element list) are explicitly handled in the linked list logic to avoid unexpected behavior
ln 517

assert(self.white_listed_head.read() != ContractAddress::default(), "Head should never be uninitialized");
Updates

Lead Judging Commences

n0kto Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational / Gas

Please, do not suppose impacts, think about the real impact of the bug and check the CodeHawks documentation to confirm: https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity A PoC always helps to understand the real impact possible.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.