NFTBridge
60,000 USDC
Submission Details
Severity: medium
Invalid

`l1_message` payload size is not checked in the Cairo contract

Summary

The Cairo contract bridge.cairo lacks a check for the payload size, which is present in the Solidity contract Bridge.sol. This inconsistency can lead to issues with message consumption on L1 if the payload exceeds the allowable size.

Vulnerability Details

When depositing to the bridge, the Solidity contract Bridge.sol performs a check on the payload.

This is inconsistent with the Cairo contract bridge.cairo, which does not perform a check on the payload size. This can cause the message on L1 to not be consumable.

Locations:

Impact

The probability of this issue occurring is medium, and the impact is medium: messages that exceed the allowable size may not be processed correctly, leading to failed transactions.

Tools Used

  • Manual code review

Recommendations

  • Add a check on the payload size in the Cairo contract.

```cairo
fn deposit_tokens(
) {
    ensure_is_enabled(@self);
    assert(!self.bridge_l1_address.read().is_zero(), 'Bridge is not open');
    ...
    let req = ...;
    let mut buf: Array<felt252> = array![];
    req.serialize(ref buf);
    // Check the serialized payload size (number of felts) before the message is sent
    assert(buf.len() <= MAX_PAYLOAD_LENGTH, 'Payload too large');
}
```

Updates

Lead Judging Commences

n0kto Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue
