NFTBridge
60,000 USDC
Submission Details
Severity: high
Invalid

Potential Unlimited Token Minting Exploit in withdrawTokens Due to Insufficient Escrow and Collection Verification

Summary

A vulnerability has been identified in the withdrawTokens function that could allow a malicious user to mint an unlimited number of tokens. The issue stems from the insufficient verification of escrowed tokens and improper mapping between L1 and L2 collections. This can lead to unintended token creation via the mintFromBridge function, even when tokens should not be minted. This poses a severe security risk as it could result in token inflation and financial loss.

Vulnerability Details

The core issue lies in how the contract handles withdrawals from escrow and the mapping between L1 and L2 collections. The function _verifyRequestAddresses checks the addresses for L1 and L2 collections, and if collectionL1 == address(0x0), it deploys a new ERC721 collection on L1. Furthermore, if the token is not found in escrow, the contract defaults to minting a new token via the mintFromBridge function.

This logic creates a loophole where, if the collection address isn’t properly mapped, a malicious user could continuously call the withdrawTokens function with valid L2 data and trigger the minting of new tokens without proper verification.

Attack Path:
Identify Vulnerability: Attacker notices improper validation of L1 and L2 collections in withdrawTokens.

Craft Malicious Request: Attacker submits request with collectionL1 == address(0x0) and valid L2 collection address.
https://github.com/Cyfrin/2024-07-ark-project/blob/main/apps/blockchain/ethereum/src/Bridge.sol#L179

    function withdrawTokens(
        uint256[] calldata request
    )
        external
        payable
        returns (address)
    {
        // ...
        address collectionL1 = _verifyRequestAddresses(req.collectionL1, req.collectionL2);
        // ...
    }

https://github.com/Cyfrin/2024-07-ark-project/blob/273b7b94986d3914d5ee737c99a59ec8728b1517/apps/blockchain/ethereum/src/token/CollectionManager.sol#L128

    function _verifyRequestAddresses(
        address collectionL1Req,
        snaddress collectionL2Req
    )
        internal
        view
        returns (address)
    {
        // ...
        // L2 address is present in the request and L1 address is not.
        if (l2Req > 0 && l1Req == address(0)) {
            if (l1Mapping == address(0)) {
                // It's the first token of the collection to be bridged.
                return address(0);
        // ...
    }

Mint Unlimited Tokens: Attacker bypasses validation and continues minting tokens without restrictions.

https://github.com/Cyfrin/2024-07-ark-project/blob/main/apps/blockchain/ethereum/src/Bridge.sol#L184

    function withdrawTokens(
        uint256[] calldata request
    )
        external
        payable
        returns (address)
    {
        // ...
        if (collectionL1 == address(0x0)) {
            if (ctype == CollectionType.ERC721) {
                collectionL1 = _deployERC721Bridgeable(
                    req.name,
                    req.symbol,
                    req.collectionL2,
                    req.hash
                );
                // update whitelist if needed
                _whiteListCollection(collectionL1, true);
            }
        // ...
        if (!wasEscrowed) {
            IERC721Bridgeable(collectionL1).mintFromBridge(req.ownerL1, id);
        }
        // ...
    }

Trigger Token Minting: Attacker repeatedly calls withdrawTokens with different token IDs, causing the contract to mint new ERC721 tokens.

Drain Token Supply: Attacker exploits the protocol by minting unlimited tokens, devaluing the token and causing financial harm.

Impact

Token Inflation: The ability to mint unlimited tokens would undermine the scarcity and value of the tokens, leading to a significant devaluation and potentially crashing the market for those tokens.
Escrow Draining: Repeated minting exploits could deplete the escrow, which is designed to safely manage the bridging and transfer of tokens between L1 and L2.
Financial Loss: The protocol’s funds and tokenomics could be severely impacted, causing financial losses for the users and stakeholders of the protocol.

Tools Used

Manual review

Recommendations

Escrow Validation: Enforce stricter checks on escrowed tokens. Ensure that a token cannot be minted if it was supposed to be escrowed or withdrawn.
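
The state check that the recommendation above asks for, written out as a Solidity sketch. This is an added example, not part of the submission or of the Ark Project code base; the contract, its TokenState enum, and every function, error and event name are hypothetical, and the derived address stands in for a real collection deployment.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added sketch, not Ark Project code: every name below is hypothetical.
/// It models state checks only; request authentication is out of scope here.
contract WithdrawGuardSketch {
    enum TokenState { Unknown, Escrowed, Live }

    mapping(uint256 => address) public l1Of; // L2 collection => L1 collection
    mapping(address => mapping(uint256 => TokenState)) public stateOf;

    error MappingMismatch(address mapped, address requested);
    error AlreadyLiveOnL1(address collection, uint256 id);
    error NotLiveOnL1(address collection, uint256 id);

    event Released(address indexed collection, uint256 id, address to);
    event Minted(address indexed collection, uint256 id, address to);

    /// Models the L1 -> L2 deposit leg: a live token is locked in escrow.
    function deposit(address collection, uint256 id) external {
        if (stateOf[collection][id] != TokenState.Live) revert NotLiveOnL1(collection, id);
        stateOf[collection][id] = TokenState.Escrowed;
    }

    /// Models the withdraw decision for one request: release from escrow or mint.
    function withdraw(address l1Req, uint256 l2Req, uint256[] calldata ids, address to)
        external
        returns (address collection)
    {
        collection = l1Of[l2Req];
        if (collection == address(0)) {
            // First token of the collection: record the mapping exactly once so
            // every later request for this L2 collection resolves to the same L1 one.
            if (l1Req != address(0)) revert MappingMismatch(address(0), l1Req);
            collection = address(uint160(uint256(keccak256(abi.encode(l2Req)))));
            l1Of[l2Req] = collection;
        } else if (l1Req != address(0) && l1Req != collection) {
            revert MappingMismatch(collection, l1Req);
        }
        for (uint256 i = 0; i < ids.length; i++) {
            TokenState s = stateOf[collection][ids[i]];
            // A token already circulating on L1 can be neither released nor minted again.
            if (s == TokenState.Live) revert AlreadyLiveOnL1(collection, ids[i]);
            stateOf[collection][ids[i]] = TokenState.Live;
            if (s == TokenState.Escrowed) emit Released(collection, ids[i], to);
            else emit Minted(collection, ids[i], to);
        }
    }
}
```

With this bookkeeping, a second withdrawal of the same token id reverts until the token has been deposited back into escrow, and a request that names an L1 collection different from the recorded mapping is rejected.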

Updates

Lead Judging Commences

n0kto Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
