NFTBridge
60,000 USDC
Submission Details
Severity: low
Invalid

Unintended ether sent to the contract will be stuck forever.

Summary

depositTokens() is a payable function that forwards msg.value to sendMessageToL2(). That function uses the msg.value amount as the fee, adds 1 to it and saves the result in a mapping:

l1ToL2Messages()[msgHash] = msg.value + 1;

Vulnerability Details

The sendMessageToL2 function also checks that the ETH sent to the contract is within a valid range:

require(msg.value > 0, "L1_MSG_FEE_MUST_BE_GREATER_THAN_0");
require(msg.value <= getMaxL1MsgFee(), "MAX_L1_MSG_FEE_EXCEEDED");

This makes no sense: the maximum valid fee, getMaxL1MsgFee(), is set to 1 ether in the contract.
The contract does nothing with this ether and there is no mechanism to retrieve it from the contract. The same applies to the withdrawTokens() function.

Impact

ETH sent to the Bridge contract will be stuck forever.

Tools Used

manual code review

Recommendations

Implement a mechanism to send the ETH back to the user after the deposit function executes, or at least at the time of request cancellation.
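As an added example (not code from NFTBridge or from any production messaging contract), the following hypothetical Solidity contract keeps the fee range check and the msg.value + 1 storage pattern quoted above, and adds the refund-on-cancellation path the recommendation asks for. Apart from the require strings and the l1ToL2Messages name taken from the page, every contract, function and mapping name here is an assumption.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical minimal bridge (added example, not NFTBridge code).
/// It records who paid the L1 message fee so the fee can be returned
/// when the request is cancelled instead of staying in the contract.
contract RefundableMessaging {
    // Mirrors the 1 ether cap the submission describes for getMaxL1MsgFee().
    uint256 public constant MAX_L1_MSG_FEE = 1 ether;

    // Same pattern as on the page: fee + 1 is stored, so a stored 0 means "no message".
    mapping(bytes32 => uint256) public l1ToL2Messages;
    // Added state (assumption): who funded each message, so the fee can be refunded.
    mapping(bytes32 => address) public feePayer;
    // Assumption: a nonce keeps message hashes unique for identical payloads.
    uint256 private nonce;

    event MessageSent(bytes32 indexed msgHash, address indexed payer, uint256 fee);
    event MessageCancelled(bytes32 indexed msgHash, address indexed payer, uint256 refunded);

    /// Hypothetical deposit entry point; forwards msg.value as the L1 message fee.
    function depositTokens(uint256 l2Recipient, uint256 tokenId) external payable returns (bytes32) {
        return _sendMessageToL2(msg.sender, abi.encode(l2Recipient, tokenId));
    }

    function _sendMessageToL2(address payer, bytes memory payload) internal returns (bytes32 msgHash) {
        // The two range checks quoted in the submission.
        require(msg.value > 0, "L1_MSG_FEE_MUST_BE_GREATER_THAN_0");
        require(msg.value <= MAX_L1_MSG_FEE, "MAX_L1_MSG_FEE_EXCEEDED");

        msgHash = keccak256(abi.encode(payer, payload, nonce++));
        require(l1ToL2Messages[msgHash] == 0, "MESSAGE_ALREADY_EXISTS");

        l1ToL2Messages[msgHash] = msg.value + 1; // +1 sentinel so 0 means absent
        feePayer[msgHash] = payer;               // remember who to refund
        emit MessageSent(msgHash, payer, msg.value);
    }

    /// Cancel a pending request and refund the recorded fee to the original payer.
    function cancelRequest(bytes32 msgHash) external {
        uint256 stored = l1ToL2Messages[msgHash];
        require(stored != 0, "NO_MESSAGE_TO_CANCEL");
        address payer = feePayer[msgHash];
        require(msg.sender == payer, "ONLY_PAYER_CAN_CANCEL");
        uint256 fee = stored - 1; // undo the +1 sentinel to recover the paid amount

        // Clear state before the external call (checks-effects-interactions),
        // so a re-entering receiver cannot claim the same refund twice.
        delete l1ToL2Messages[msgHash];
        delete feePayer[msgHash];

        (bool ok, ) = payable(payer).call{value: fee}("");
        require(ok, "REFUND_FAILED");
        emit MessageCancelled(msgHash, payer, fee);
    }
}
```

The refund amount is derived from the stored value rather than re-read from msg.value, so it matches exactly what the payer sent, and the mapping entries are deleted before the transfer so the cancel path cannot be replayed.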

Updates

Lead Judging Commences

n0kto Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Out of scope
Assigned finding tags:

Informational / Gas

Please do not suppose impacts; think about the real impact of the bug and check the CodeHawks documentation to confirm: https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity A PoC always helps to understand the real possible impact.

Appeal created

kaifahmed Submitter
10 months ago
n0kto Lead Judge
10 months ago
