Potential loss of NFTs due to L1-L2 mapping changes
Summary
Users may lose access to their NFTs if the L1-L2 collection mapping is changed after initial bridging, particularly if a new L2 collection is deployed and mapped to the existing L1 collection.
Vulnerability Details
Users bridge NFTs from L1 to L2, with a new ERC721 contract deployed on L2.
Later, the L1 collection owner deploys their own NFT collection on L2.
The ArkProject owner updates the L1-L2 mapping to point to the new L2 collection.
Users who previously bridged NFTs can no longer bridge back to L1, as their NFTs are in the old L2 collection.
Impact
Users lose access to their bridged NFTs on L2.
Tools Used
Manual review
Recommendations
Implement a migration system for NFTs when L1-L2 mappings change.
Add functionality to bridge back NFTs to L1 and then to the correct L2 collection.
Lead Judging Commences
Informational / Gas
Please, do not suppose impacts, think about the real impact of the bug and check the CodeHawks documentation to confirm: https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity A PoC always helps to understand the real impact possible.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.