It is my assumption that the user will request a server to cancel his bridging request after a valid cancellation delay, and will demand to get back his NFT from L1 escrow.
Now the issue is, assume the user is malicious but he does everything right: he deposits his NFT to L1, but every time he does, he sends a request to the server to cancel his request, and on his behalf the server will send the startRequestCancellation() call to the smart contract, which is an onlyOwner() function.
The user has the ability to abuse the server to continuously cancel his request on his behalf in order to consume all the gas that the relayer has. It will have an effect if everyone starts to abuse the relayer wallet: there will be a point when the startRequestCancellation call starts to fail with a low gas error.
Manual Code Review
The startRequestCancellation() function should not be onlyOwner(); instead, it should be up to the user to call it with valid data, and the function should have validity checks to ensure that a valid user is calling it to cancel his bridging request.
Please, do not suppose impacts, think about the real impact of the bug and check the CodeHawks documentation to confirm: https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity A PoC always helps to understand the real impact possible.