ArkProject: NFT Bridge
ArkProject
NFTBridge
60,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Zero length emitted event when upgrading the bridge on L2

fyamf

Summary

The event length would be zero when emitted after a successful upgrade (class replacement).

Vulnerability Details

Since after calling replace_class_syscall, the code currently executing from the old class will finish running, the event in the arm Result::OK() would have the length of zero.

#[abi(embed_v0)]
impl BridgeUpgradeImpl of IUpgradeable<ContractState> {
fn upgrade(ref self: ContractState, class_hash: ClassHash) {
ensure_is_admin(@self);
match starknet::replace_class_syscall(class_hash) {
Result::Ok(_) => {
self.emit(ReplacedClassHash {
contract: starknet::get_contract_address(),
class: class_hash,
})
},
Result::Err(revert_reason) => panic(revert_reason),
};
}
}

https://github.com/Cyfrin/2024-07-ark-project/blob/main/apps/blockchain/starknet/src/bridge.cairo#L190
https://docs.starknet.io/architecture-and-concepts/smart-contracts/system-calls-cairo1/#replace_class

Impact

  • During upgrade, the expected event will have length of zero.

Tools Used

Recommendations

Emitting event in this case can be removed.

#[abi(embed_v0)]
impl BridgeUpgradeImpl of IUpgradeable<ContractState> {
fn upgrade(ref self: ContractState, class_hash: ClassHash) {
ensure_is_admin(@self);
match starknet::replace_class_syscall(class_hash) {
Result::Ok(_) => {
- self.emit(ReplacedClassHash {
- contract: starknet::get_contract_address(),
- class: class_hash,
- })
+ ()
},
Result::Err(revert_reason) => panic(revert_reason),
};
}
}
Updates

Lead Judging Commences

n0kto Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.