There is a data inconsistency between events emitted by the Solidity and Cairo contracts. The DepositRequestInitiated
event in the Cairo contract emits a Request
struct, while the corresponding event in the Solidity contract emits a uint256[]
array. This inconsistency can complicate the tracking and interpretation of event data across L1 and L2.
In the Cairo contract, the DepositRequestInitiated
event emits a Request
struct, which encapsulates the details of the request. In contrast, the Solidity contract emits the same event but with a uint256[]
array representing the request content. This difference in data structures between the events on L1 and L2 can cause confusion and challenges for off-chain systems that monitor or process these events, potentially leading to misinterpretation or errors when analyzing the emitted data across both layers.
Location:
https://github.com/Cyfrin/2024-07-ark-project/blob/273b7b94986d3914d5ee737c99a59ec8728b1517/apps/blockchain/starknet/src/bridge.cairo#L304
https://github.com/Cyfrin/2024-07-ark-project/blob/273b7b94986d3914d5ee737c99a59ec8728b1517/apps/blockchain/ethereum/src/Bridge.sol#L143
The inconsistency in event data between the Solidity and Cairo contracts can lead to difficulties in tracking, processing, and interpreting event data across L1 and L2. While the impact is low, as it primarily affects the ease of monitoring and data consistency, but the high probability makes it a concern worth addressing.
Manual code review
Unify emit data to ensure consistency and ease of interpretation, consider aligning the event data structures between the L1 and L2 contracts. Either update the Solidity contract to emit a struct that mirrors the Request struct used in the Cairo contract or update Cairo contract to emit an array of uint256
Please, do not suppose impacts, think about the real impact of the bug and check the CodeHawks documentation to confirm: https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity A PoC always helps to understand the real impact possible.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.