ArkProject: NFT Bridge
ArkProject
NFTBridge
60,000 USDC
View results
Previous Next
Submission Details
Severity: high
Valid

Denial of Service attack via unbounded growth of _collection array

mikb

Summary

An attacker can exploit the lack of collection removal mechanism to indefinitely increase the _collection array size, leading to out-of-gas errors and denial of service.

Vulnerability Details

  1. The attacker initiates multiple withdrawals from L2 to L1 with arbitrary L2 collections when white_list_enabled is false.

  2. Each withdrawal creates a new collection on L1, increasing the _collection array.

  3. There's no mechanism to remove collections from _collection.

  4. The getWhiteListedCollections function iterates over the entire _collection array.

Impact

  1. The withdrawTokens function become unusable due to out-of-gas errors.

  2. The getWhiteListedCollections function fail, breaking dependent functionalities.

  3. Forced whitelisting of collections, compromising the protocol's security model.

Tools Used

Manual review

Recommendations

  1. Implement a mechanism to remove unused collections from _collection.

  2. Add a limit to the number of collections that can be added in a given time frame.

  3. Implement pagination for getWhiteListedCollections to avoid gas limit issues.

Updates

Lead Judging Commences

n0kto Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-collections-always-withelisted-on-both-chain-withdraw-impossible-collections-array-will-be-OOG

Likelyhood: High, once the whitelist option is disabled, collections will grow. Impact: High, withdraw won’t be possible because of Out-Of-Gas.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!