From the previous audit, the auditor argues that the `startRequestCancellation()` function has the modifier `onlyOwner`, meaning that only the owner is able to initiate cancellation, while any user must be able to do that. He therefore recommends that the modifier be removed from `cancelRequest()`.
However, now the `cancelRequest()` function lacks access control, allowing any user to cancel any request. This can lead to unauthorized cancellations and potential abuse.
Here is `cancelRequest()`:
It internally calls `_cancelRequest()` as shown here, which handles the internal logic for canceling a request, such as:
- Extracts the request details from the serialized payload.
- Moves tokens back to the owner's possession if they were held in escrow.
The `cancelRequest()` function is vulnerable to unauthorized cancellations because it does not have any access control.
Root Cause: Missing ownership verification for the request being canceled.
Missing ownership verification for the request can lead to unauthorized cancellations and potential abuse.
Manual Review
Verify Ownership: Ensure that only the owner of a request can cancel it.
The process to cancel a message is detailed here: https://docs.starknet.io/architecture-and-concepts/network-architecture/messaging-mechanism/#l2-l1_message_cancellation

Since `startRequestCancellation` has the `onlyOwner`, only the owner can begin that process.
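
The two-step flow referred to in the comment above, modeled as an added sketch that is not the audited contract's code: cancellation must first be started by the owner, and the final `cancelRequest()` call returns the escrowed token to the recorded depositor regardless of who calls it. The contract name, storage layout, `deposit()` stand-in, events and the delay value are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative sketch only: names, storage layout and the delay are assumptions.
contract CancellationFlowSketch {
    struct Request {
        address depositor;        // who escrowed the token
        uint256 tokenId;
        uint256 cancelStartedAt;  // 0 until the owner starts cancellation
    }

    address public immutable owner;
    uint256 public constant CANCEL_DELAY = 5 days; // assumed waiting period
    mapping(bytes32 => Request) public requests;

    event CancellationStarted(bytes32 indexed id);
    event TokenReturned(bytes32 indexed id, address indexed to, uint256 tokenId);

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    // Stand-in for the deposit path; a real bridge would pull the token into escrow here.
    function deposit(uint256 tokenId) external returns (bytes32 id) {
        id = keccak256(abi.encode(msg.sender, tokenId));
        require(requests[id].depositor == address(0), "exists");
        requests[id] = Request(msg.sender, tokenId, 0);
    }

    // Step 1: gated. Nothing can be cancelled until the owner opens the window.
    function startRequestCancellation(bytes32 id) external onlyOwner {
        require(requests[id].depositor != address(0), "unknown request");
        requests[id].cancelStartedAt = block.timestamp;
        emit CancellationStarted(id);
    }

    // Step 2: callable by anyone, but only for requests that passed step 1,
    // and the token goes to the recorded depositor, never to msg.sender.
    function cancelRequest(bytes32 id) external {
        Request memory r = requests[id];
        require(r.cancelStartedAt != 0, "cancellation not started");
        require(block.timestamp >= r.cancelStartedAt + CANCEL_DELAY, "delay not elapsed");
        delete requests[id];
        emit TokenReturned(id, r.depositor, r.tokenId);
    }
}
```

When reviewing a permissionless second step like this, the two things to check are that it reverts for any request that never went through the gated first step, and that the refund recipient is read from stored state and not taken from the caller or from caller-supplied data.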