NFTBridge
60,000 USDC
Submission Details
Severity: low
Invalid

Inconsistent event data between L1 and L2 contracts

Summary

There is a data inconsistency between events emitted by the Solidity and Cairo contracts. The DepositRequestInitiated event in the Cairo contract emits a Request struct, while the corresponding event in the Solidity contract emits a uint256[] array. This inconsistency can complicate the tracking and interpretation of event data across L1 and L2.

Vulnerability Details

In the Cairo contract, the DepositRequestInitiated event emits a Request struct, which encapsulates the details of the request. In contrast, the Solidity contract emits the same event but with a uint256[] array representing the request content. This difference in data structures between the events on L1 and L2 can cause confusion and challenges for off-chain systems that monitor or process these events, potentially leading to misinterpretation or errors when analyzing the emitted data across both layers.

Location:

  • https://github.com/Cyfrin/2024-07-ark-project/blob/273b7b94986d3914d5ee737c99a59ec8728b1517/apps/blockchain/starknet/src/bridge.cairo#L304

  • https://github.com/Cyfrin/2024-07-ark-project/blob/273b7b94986d3914d5ee737c99a59ec8728b1517/apps/blockchain/ethereum/src/Bridge.sol#L143

Impact

The inconsistency in event data between the Solidity and Cairo contracts can lead to difficulties in tracking, processing, and interpreting event data across L1 and L2. The impact is low, as it primarily affects the ease of monitoring and data consistency, but the high probability makes it a concern worth addressing.

Tools Used

  • Manual code review

Recommendations

  • Unify the emitted data to ensure consistency and ease of interpretation by aligning the event data structures between the L1 and L2 contracts. Either update the Solidity contract to emit a struct that mirrors the Request struct used in the Cairo contract, or update the Cairo contract to emit an array of uint256.

Updates

Lead Judging Commences

n0kto Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational / Gas

Please do not suppose impacts; think about the real impact of the bug and check the CodeHawks documentation to confirm: https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity. A PoC always helps to understand the real impact possible.
