When the user calls bridge.cairo::deposit_tokens() with use_withdraw_auto = true, the bridged NFT will be locked in the bridge contract.
The user calls the bridge.cairo::deposit_tokens() function in the L2 contract and sets use_withdraw_auto to true to perform cross-chain operations. However, when the user calls the Starklane::withdrawTokens() method in the L1 contract to perform the withdrawal, the program will revert due to Protocol.canUseWithdrawAuto(header) == true, and the user's transferred NFT will be locked in the bridge contract.
https://github.com/ArkProjectNFTs/bridge/blob/1bb58731d8e4c37a71d3611c8ea6163c9b019193/apps/blockchain/starknet/src/bridge.cairo#L242-L306
https://github.com/ArkProjectNFTs/bridge/blob/1bb58731d8e4c37a71d3611c8ea6163c9b019193/apps/blockchain/starknet/src/request.cairo#L112-L136
https://github.com/ArkProjectNFTs/bridge/blob/1bb58731d8e4c37a71d3611c8ea6163c9b019193/apps/blockchain/ethereum/src/Bridge.sol#L153-L215
https://github.com/ArkProjectNFTs/bridge/blob/1bb58731d8e4c37a71d3611c8ea6163c9b019193/apps/blockchain/ethereum/src/Protocol.sol#L57-L65
When the user calls bridge.cairo::deposit_tokens() with use_withdraw_auto = true, the bridged NFT will be locked in the bridge contract.
Manual Review
It is recommended to modify the bridge.cairo::deposit_tokens() method to force use_withdraw_auto to be set to false.
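The lock and the recommended fix, modelled in Python as an added example (not the project's Cairo or Solidity code). The WITHDRAW_AUTO bit position, the class names and the force_manual_withdraw switch are assumptions made for illustration.

```python
# Added illustration: a minimal model of the two bridge sides, not the project's code.
WITHDRAW_AUTO = 1 << 8  # assumed flag bit; the real header layout is not shown on this page


class Revert(Exception):
    """Stands in for a contract revert."""


class L2Bridge:
    def __init__(self, force_manual_withdraw=False):
        self.force_manual_withdraw = force_manual_withdraw  # the recommended fix
        self.escrow = set()  # token ids held by the L2 bridge contract

    def deposit_tokens(self, wallet, token_id, use_withdraw_auto):
        if self.force_manual_withdraw:
            use_withdraw_auto = False  # ignore the caller's choice before building the header
        wallet.remove(token_id)
        self.escrow.add(token_id)  # the NFT now sits in the bridge contract
        header = WITHDRAW_AUTO if use_withdraw_auto else 0
        return {"header": header, "token_id": token_id}


class L1Bridge:
    def __init__(self):
        self.released = set()

    def withdraw_tokens(self, message):
        # Models the check on Protocol.canUseWithdrawAuto(header) described above.
        if message["header"] & WITHDRAW_AUTO:
            raise Revert("withdraw auto is disabled on L1")
        self.released.add(message["token_id"])


def bridge_once(l2, token_id, use_withdraw_auto):
    """Run one L2 -> L1 transfer and report where the token ended up."""
    wallet, l1 = {token_id}, L1Bridge()
    message = l2.deposit_tokens(wallet, token_id, use_withdraw_auto)
    try:
        l1.withdraw_tokens(message)
    except Revert:
        pass  # the header is fixed in the message, so a retry reverts the same way
    return "released on L1" if token_id in l1.released else "locked in L2 escrow"
```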
Impact: High, token will be stuck in L2 bridge. Likelihood: Very low, option is available in L2 but has been disabled since March on L1, would be almost a user error.