The L1 bridge contract allows only the contract owner to start the cancellation of a message from L1 to L2, which contradicts Starknet's requirement that the original sender of the message must initiate the cancellation. In the startRequestCancellation function of the L1 bridge contract, the onlyOwner modifier is used, restricting the initiation of message cancellation to the contract owner.
According to Starknet's documentation, the startL1ToL2MessageCancellation function requires that the caller MUST be the original sender of the L1 to L2 message. However, the current contract implementation does not enforce this condition, allowing the contract owner to attempt message cancellations regardless of whether they were the original sender. There is an incorrect assumption that the contract owner should be allowed to cancel any message, which is in direct conflict with Starknet's security requirement that only the original sender can do so.

As a result, the original sender of the L1 to L2 message lacks the ability to initiate the message cancellation due to the restrictive onlyOwner modifier. This directly contradicts the Starknet documentation.
Manual Review and Starknet Docs
The contract should enforce that only the original sender of the L1 to L2 message can initiate its cancellation.
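As an added illustration (not the audited project's code), the sketch below records the depositor for each outgoing message and lets only that depositor start the cancellation in place of onlyOwner. The IStarknetMessaging interface is a minimal assumed subset of Starknet's L1 messaging contract, and the L2 bridge address and selector values are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Minimal subset of Starknet's L1 messaging interface, assumed for this sketch.
interface IStarknetMessaging {
    function sendMessageToL2(uint256 toAddress, uint256 selector, uint256[] calldata payload)
        external payable returns (bytes32 msgHash, uint256 nonce);
    function startL1ToL2MessageCancellation(
        uint256 toAddress, uint256 selector, uint256[] calldata payload, uint256 nonce
    ) external returns (bytes32 msgHash);
}

contract BridgeSketch {
    IStarknetMessaging public immutable starknet;
    uint256 public immutable l2Bridge;        // hypothetical L2 recipient address
    uint256 public immutable depositSelector; // hypothetical L2 handler selector

    // Who initiated each outgoing message, keyed by the nonce Starknet assigned.
    mapping(uint256 => address) public depositorOf;

    error NotOriginalSender(uint256 nonce, address caller);

    constructor(IStarknetMessaging _starknet, uint256 _l2Bridge, uint256 _selector) {
        starknet = _starknet;
        l2Bridge = _l2Bridge;
        depositSelector = _selector;
    }

    function _payload(uint256 l2Recipient, uint256 amount) internal pure returns (uint256[] memory p) {
        p = new uint256[](2);
        p[0] = l2Recipient;
        p[1] = amount;
    }

    function deposit(uint256 l2Recipient, uint256 amount) external payable {
        (, uint256 nonce) = starknet.sendMessageToL2{value: msg.value}(
            l2Bridge, depositSelector, _payload(l2Recipient, amount)
        );
        depositorOf[nonce] = msg.sender; // remember the original sender of this message
    }

    // Instead of onlyOwner, require the caller to be the recorded depositor.
    // The payload must be rebuilt exactly so the message hash matches the one sent.
    function startRequestCancellation(uint256 l2Recipient, uint256 amount, uint256 nonce) external {
        if (depositorOf[nonce] != msg.sender) revert NotOriginalSender(nonce, msg.sender);
        starknet.startL1ToL2MessageCancellation(
            l2Bridge, depositSelector, _payload(l2Recipient, amount), nonce
        );
    }
}
```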