NFTBridge
60,000 USDC
Submission Details
Severity: medium
Invalid

An unhandled return value can lead to functionality not working correctly.

Summary

For the function below, in some cases, it may not work as expected. Therefore, the return value should be checked. Currently, the related values are not being checked or throwing any errors, so the code assumes that the line works without problems.

Note: This function should only be called for a message that is currently pending, and the caller must be the sender of that message.

Vulnerability Details

The following lines do not check the return value.
https://github.com/Cyfrin/2024-07-ark-project/blob/273b7b94986d3914d5ee737c99a59ec8728b1517/apps/blockchain/ethereum/src/Bridge.sol#L227
https://github.com/Cyfrin/2024-07-ark-project/blob/273b7b94986d3914d5ee737c99a59ec8728b1517/apps/blockchain/ethereum/src/Bridge.sol#L247

Related code on the Starknet side to check possible return values.
https://github.com/starkware-libs/cairo-lang/blob/master/src/starkware/starknet/solidity/StarknetMessaging.sol#L156

The related documentation explains the error cases.
https://docs.starknet.io/architecture-and-concepts/network-architecture/messaging-reference/#startL1ToL2MessageCancellation
https://docs.starknet.io/architecture-and-concepts/network-architecture/messaging-reference/#cancelL1ToL2Message

Impact

The related functions (startRequestCancellation, cancelRequest) will not give any errors, but they will not work as expected.

Tools Used
-

Recommendations

Similar to this line, the return value should be checked for correctness.
https://github.com/Cyfrin/2024-07-ark-project/blob/273b7b94986d3914d5ee737c99a59ec8728b1517/apps/blockchain/ethereum/src/Messaging.sol#L107

Updates

Lead Judging Commences

n0kto Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
