ArkProject: NFT Bridge
ArkProject
NFTBridge
60,000 USDC
View results
Previous Next
Submission Details
Severity: medium
Valid

No assert on msg.value for L1 to L2 messaging in Starklane contract

mikb

Summary

The Starklane contract on L1 does not properly assert the msg.value when sending messages to L2. This could lead to messages getting stuck in the bridge due to insufficient fees.

Vulnerability Details

In the depositTokens function, there's no check on the msg.value when sending a message to L2:

IStarknetMessaging(_starknetCoreAddress).sendMessageToL2{value: msg.value}(
snaddress.unwrap(_starklaneL2Address),
felt252.unwrap(_starklaneL2Selector),
payload
);

According to the Cairo Book, the msg.value should be at least 20,000 wei to cover the gas costs of storing the message hash on L1.

Impact

Without proper assertion of msg.value, users might send transactions with insufficient fees, resulting in messages getting stuck in the bridge, then users needing to cancel messages after the 7-day waiting period.

Tools Used

Manual review

Recommendations

Add an assertion to check that msg.value is within an acceptable range:

require(msg.value > 20000 wei, "msg.value should be at least 20,000 wei");
IStarknetMessaging(_starknetCoreAddress).sendMessageToL2{value: msg.value}(
snaddress.unwrap(_starklaneL2Address),
felt252.unwrap(_starklaneL2Selector),
payload
);
Updates

Lead Judging Commences

n0kto Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-not-enough-fee-can-block-NFT

Impact: Medium/High. Need an admin to start a cancellation and wait for 5 days once done. DoS > 5 days. Likelyhood: Low. Everytime a wallet/or a user do not send enough gas

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!