ArkProject: NFT Bridge
ArkProject
NFTBridge
60,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

`_withdrawFromEscrow` return value is not checked during cancellation of request

0xtheblackpanther

Github

https://github.com/Cyfrin/2024-07-ark-project/blob/273b7b94986d3914d5ee737c99a59ec8728b1517/apps/blockchain/ethereum/src/Bridge.sol#L264

Summary

The return value of _withdrawFromEscrow is not checked when called in _cancelRequest. It might lead to silent failures during cancellation.

Impact

Users might believe they have successfully canceled the request and withdrawn the token, but due to a silent failure, the token will not actually be withdrawn.

Recommendation

Check the return value of _withdrawFromEscrow and revert if it is false.

function _cancelRequest(Request memory req) internal {
uint256 header = felt252.unwrap(req.header);
CollectionType ctype = Protocol.collectionTypeFromHeader(header);
address collectionL1 = req.collectionL1;
for (uint256 i = 0; i < req.tokenIds.length; i++) {
uint256 id = req.tokenIds[i];
bool success = _withdrawFromEscrow(ctype, collectionL1, req.ownerL1, id);
require(success, "Token withdrawal from escrow failed");
}
}
Updates

Lead Judging Commences

n0kto Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
Assigned finding tags:

invalid-_withdrawFromEscrow-result-not-checked

To cancel a message, it has to be sent to the Starknet Core, otherwise it reverts. Therefore, to cancel a request, a token will always be escrowed. There is no impact here because the described case will never happen, that’s why check that boolean is not useful.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.