NFTBridge
60,000 USDC
Submission Details
Severity: low
Invalid

Missing event emission in Solidity contract for bridge enablement

Summary

The Solidity contract lacks an event emission for bridge enablement, which is present in the Cairo contract. This discrepancy can hinder the monitoring and tracking of the bridge's operational status across different layers.

Vulnerability Details

In the Cairo contract, the BridgeEnabled event is emitted whenever the bridge is enabled or disabled, providing a log of the change. This event is crucial for off-chain systems, such as Web2 services, to monitor and respond to changes in the bridge's status. However, in the corresponding Solidity contract, the enableBridge function does not emit an equivalent event, creating a gap in monitoring the bridge's state on L1.

Locations

  • https://github.com/Cyfrin/2024-07-ark-project/blob/273b7b94986d3914d5ee737c99a59ec8728b1517/apps/blockchain/starknet/src/bridge.cairo#L351

  • https://github.com/Cyfrin/2024-07-ark-project/blob/273b7b94986d3914d5ee737c99a59ec8728b1517/apps/blockchain/ethereum/src/Bridge.sol#L361

Impact

The absence of the BridgeEnabled event in the Solidity contract can result in difficulties for off-chain systems in tracking and responding to changes in the bridge's operational status on L1. Although the probability is high, the impact is low as it primarily affects monitoring capabilities.

Tools Used

  • Manual code review

Recommendations

  • Emit a BridgeEnabled event in the Solidity contract, similar to the BridgeEnabled event in the Cairo contract, to ensure consistency across the contracts. This will facilitate better tracking of the bridge's state changes on both networks.
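
The recommendation above, sketched as an added example (not the project's Bridge.sol and not code from the submission). The contract name, the owner check, the `_enabled` storage variable, the `enableBridgeSilent` name and the event's single `bool` parameter are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

/// Added illustration only; not the project's Bridge.sol.
/// Owner handling and the `_enabled` storage name are assumptions.
contract BridgeEnableSketch {
    address private immutable _owner;
    bool private _enabled;

    /// Assumed shape, mirroring the Cairo-side BridgeEnabled event
    /// that the report names.
    event BridgeEnabled(bool enable);

    error NotOwner();

    constructor() {
        _owner = msg.sender;
    }

    modifier onlyOwner() {
        if (msg.sender != _owner) revert NotOwner();
        _;
    }

    /// Before: the state changes but no log is written, so off-chain
    /// watchers have to poll isEnabled() to notice a toggle.
    function enableBridgeSilent(bool enable) external onlyOwner {
        _enabled = enable;
    }

    /// After: the same state change plus a log entry that indexers
    /// and alerting systems can subscribe to.
    function enableBridge(bool enable) external onlyOwner {
        _enabled = enable;
        emit BridgeEnabled(enable);
    }

    function isEnabled() external view returns (bool) {
        return _enabled;
    }
}
```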

Updates

Lead Judging Commences

n0kto Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational / Gas

Please do not suppose impacts; think about the real impact of the bug and check the CodeHawks documentation to confirm: https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity A PoC always helps to understand the real impact possible.
