When Bridging tokens L1->L2
, we are deploying a new address for that Bridged token NFT collection on L1
on L2
if it has no attacked address on L2
.
The problem is that in L2Bridge::withdraw_auto_from_l1()
we are always deploying an ERC721
address without checking the ctype
first.
As we can see we deploy the collection address in the first as an ERC721
, without checking this type either ERC721
or ERC1155
.
Although this should not result in any problems unless data altered when Bridged in the current implementation, this is no the way the L1Bridge
work when withdrawing. where we are checking for the ctype before we deploy new collections.
As we can see in L1
Bridge, we are checking for the type, and if it is ERC721
we are deploying an ERC721 collection, and if not we are reverting the tx. which is not the case in L2
Bridge withdrawing which does not preventing Bridging ERC1155
tokens to be Bridged.
Manual Review
Check that the ctype is ERC721
before deploying, and if not revert the tx
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.