ArkProject: NFT Bridge
ArkProject
NFTBridge
60,000 USDC
View results
Previous Next
Submission Details
Severity: medium
Valid

NFTs sent from l2 to l1 with `use_withdraw_auto = true` will be stuck

zac369

Summary

NFTs sent from l2 to l1 with use_withdraw_auto = true will be stuck until it is enabled again on l1

Vulnerability Details

The function withdrawTokens in Bridge.sol contains the following if statement

if (Protocol.canUseWithdrawAuto(header)) {
// 2024-03-19: disabled autoWithdraw after audit report
// _consumeMessageAutoWithdraw(_starklaneL2Address, request);
revert NotSupportedYetError();
} else {
_consumeMessageStarknet(_starknetCoreAddress, _starklaneL2Address, request);
}

However the function deposit_tokens in Bridge.cairo still allows NFTs to be sent with use_withdraw_auto = true

Impact

NFT becomes stuck as withdrawTokens always reverts and there is no way to cancel the request

Tools Used

Manual review

Recommendations

Add a check to Bridge.cairo that checks use_withdraw_auto != true.
Or remove use_withdraw_auto entirely as it is not currently used.

Updates

Lead Judging Commences

n0kto Lead Judge 9 months ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-auto_withdrawn-L2-NFT-stuck

Impact: High, token will be stuck in L2 bridge. Likelyhood: Very low, option is available in L2 but has been disabled since March on L1, would be almost a user error.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.