NFTBridge
60,000 USDC
Submission Details
Severity: low
Invalid

`Starklane` from `Bridge.sol` should implement `IStarklane.sol`

Summary

The Starklane contract in Bridge.sol implicitly follows IStarklane.sol by implementing every function declared in the interface, but it never formally declares that it implements it. Without that explicit declaration there is no compiler-enforced adherence to the interface, which may lead to several potential issues.

Vulnerability Details

Interfaces serve as a blueprint that allows contracts to communicate with each other in a standardized manner, fostering composability within the ecosystem. An interface acts as a formal agreement that ensures consistency in function signatures between the interface itself and any contract that implements it. This structure is crucial, particularly when interacting with contracts that are already deployed on the blockchain. This ensures that calls to external contracts are made correctly and consistently. However, failing to explicitly declare an interface implementation in a contract can obscure this crucial relationship and lead to vulnerabilities associated with integration and maintenance, such as unexpected behaviors or breaches in expected contract functionality.

Even though the contract implicitly follows IStarklane.sol, there is one discrepancy.

The startRequestCancellation function in the contract has an onlyOwner modifier.

/**
 * @notice Start the cancellation of a given request.
 * @param payload Request to cancel
 * @param nonce Nonce used for request sending.
 */
function startRequestCancellation(
    uint256[] memory payload,
    uint256 nonce
) external;

The same method declaration in the interface does not include the onlyOwner modifier.

Impact

The impacts of not explicitly implementing the interface could include:

  • There's a risk of missing function implementations required by the interface. If the contract does not declare itself as implementing an interface, this might go unnoticed, especially if it compiles without errors due to the presence of other functions with matching signatures.

  • There might be unintentional mismatches in function signatures (e.g., function name, parameters, return type), which can lead to incorrect behavior or contract failure.

  • Other contracts or external clients interacting with the contract might rely on certain assurances that come from interface implementation (like ERC standards). Missing explicit declarations may disrupt integrations and interactions.

  • Future upgrades or modules that interact with the contract might require explicit interface implementation to ensure compatibility and correct functioning within a larger ecosystem.

  • Future developers maintaining or upgrading the contract might overlook the requirement to conform to the interface specifications. This can lead to degradation in contract quality and functionality over time.

  • Modern Solidity compilers can provide warnings or optimization benefits when interfaces are explicitly implemented. Without such declarations, some compiler-level checks and optimizations might not be applied, potentially affecting performance and security.

Tools Used

  • Manual Code Review: Analyzing the contract code directly.

Recommendations

  • The Starklane contract should explicitly declare its implementation of the IStarklane interface using the is keyword in its declaration within the Bridge.sol file. This explicit declaration not only reinforces the architectural design of the contract but also enhances its interoperability and robustness by ensuring compliance with the defined interface.

  • Ensure that the contract is compliant with the interface and make adjustments to either the contract or the interface if required.
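The following is an added illustration of the recommendation, not code from the Starklane project: a reduced, hypothetical interface (IStarklaneExample, modelled on the declaration quoted above) and a contract that declares it with the is keyword. Two points worth seeing in code: a Solidity interface can only declare external function signatures, so a modifier such as onlyOwner can never appear in it and is not part of what the interface checks; and once is IStarklaneExample is declared, any missing function or drifted signature becomes a compile-time error instead of a runtime selector mismatch for callers. StarklaneExample, StarklaneDrift and the CancellationStarted event are constructed names for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical reduced interface, modelled on the IStarklane.sol declaration
// quoted in the finding. Interfaces may only declare external function
// signatures: no modifiers, state or bodies, so `onlyOwner` cannot live here.
interface IStarklaneExample {
    function startRequestCancellation(
        uint256[] memory payload,
        uint256 nonce
    ) external;
}

// Declaring `is IStarklaneExample` makes the compiler verify that every
// function of the interface is implemented with a matching signature; a
// missing or mismatched function makes the contract abstract and fails the build.
contract StarklaneExample is IStarklaneExample {
    address public owner;
    mapping(bytes32 => bool) public cancellationStarted;

    event CancellationStarted(bytes32 indexed requestHash, uint256 nonce);

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    // The access-control modifier lives on the implementation only. The
    // interface still matches because modifiers are not part of the signature
    // (name and parameter types) that `is` checks.
    function startRequestCancellation(
        uint256[] memory payload,
        uint256 nonce
    ) external override onlyOwner {
        bytes32 requestHash = keccak256(abi.encode(payload, nonce));
        cancellationStarted[requestHash] = true;
        emit CancellationStarted(requestHash, nonce);
    }
}

// Constructed counter-example of silent drift. Without `is IStarklaneExample`
// this compiles cleanly although the second parameter is now uint128, so its
// 4-byte selector differs from the interface's; a caller that casts the
// address to IStarklaneExample reverts at runtime. Adding
// `is IStarklaneExample` to this declaration turns that into a compile error.
contract StarklaneDrift {
    function startRequestCancellation(
        uint256[] memory payload,
        uint128 nonce
    ) external {}
}
```

Compiling the file as written succeeds; appending is IStarklaneExample to StarklaneDrift is the quickest way to see the compiler report the unimplemented interface function, which is exactly the check the recommendation above asks for.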

Updates

Lead Judging Commences

n0kto Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational / Gas

Please, do not suppose impacts, think about the real impact of the bug and check the CodeHawks documentation to confirm: https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity A PoC always helps to understand the real impact possible.
