ArkProject: NFT Bridge
ArkProject
NFTBridge
60,000 USDC
View results
Previous Next
Submission Details
Severity: medium
Valid

When bridging from L2 to L1, if `use_withdraw_auto` is set to true, the bridge will revert because L1 disabled autoWithdraw

AllTooWell

Summary

When bridging from L2 to L1, if use_withdraw_auto is set to true, the bridge will revert because L1 disabled autoWithdraw.

Vulnerability Details

Bridge::withdrawTokens

if (Protocol.canUseWithdrawAuto(header)) {
// 2024-03-19: disabled autoWithdraw after audit report
// _consumeMessageAutoWithdraw(_starklaneL2Address, request);
revert NotSupportedYetError();

In L1, Autowithdraw is disabled.

bridge::deposit_tokens

fn deposit_tokens(
ref self: ContractState,
salt: felt252,
collection_l2: ContractAddress,
owner_l1: EthAddress,
token_ids: Span<u256>,
use_withdraw_auto: bool,
use_deposit_burn_auto: bool,
) {

But in L2, the value of use_withdraw_auto is determined by the user. If user sets use_withdraw_auto to true, withdrawTokens will revert in L1.

Impact

Bridge is failed because of wrong input.

Tools Used

manual

Recommendations

The default value of use_withdraw_auto should be false to prevent ordinary users from mistakenly entering a wrong value of true.

Updates

Lead Judging Commences

n0kto Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-auto_withdrawn-L2-NFT-stuck

Impact: High, token will be stuck in L2 bridge. Likelyhood: Very low, option is available in L2 but has been disabled since March on L1, would be almost a user error.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.