Overview

The Ark Project bridge currently lacks a mechanism for users to claim airdrops or access other NFT-associated benefits while their tokens are locked in the bridge contract during cross-chain transfers. This oversight could result in users missing out on valuable opportunities intrinsically tied to their NFT ownership.

Vulnerability Details

Location

Affected Contracts: Bridge contracts on both L1 (Ethereum) and L2 (Starknet)

Description

The current implementation of the bridge contracts does not include functionality for users to:

1. Claim airdrops associated with their bridged NFTs

2. Access time-sensitive benefits or rewards linked to their tokens

The aridrop tokens will be stuck forever in the bridge contracts.

Impact

1. Missed Opportunities: Users may lose out on valuable airdrops, governance participation, or other NFT-linked benefits.

2. Financial Loss: In cases where airdrops or benefits have monetary value, users could suffer direct financial losses.

3. Competitive Disadvantage: Users may prefer alternative bridging solutions that offer mechanisms to claim benefits, potentially reducing adoption of the Ark Project bridge.

Mitigation

Recommended Solutions

1. Proxy Claim Mechanism: Implement a function that allows users to submit claims for airdrops or benefits through the bridge contract.

2. ERC20 withdraw function: At least implement an ERC20 withdraw mechanism to prevent any issues.