ArkProject: NFT Bridge

ArkProject

NFTBridge

60,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

NFT Collection `l1<->l2` setting is always forced in `L2Bridge`.

alqaqa

Vulnerability Details

The Bridge takes an NFT from the source chain, and transfer/mint it to the receiver on the destination chain. If The collection we bridged has no address on the destination chain we deploy a new one.

There is an Admin function that is used to set l1<->l2 NFT collection addresses, where it can be used by the admin to set the NFT collection addresses on L1 and L2 himself.

CollectionManager.sol#L151-L165

function _setL1L2AddressMapping(

address collectionL1,

snaddress collectionL2,

bool force

) internal {

if (((snaddress.unwrap(_l1ToL2Addresses[collectionL1]) == 0) && (_l2ToL1Addresses[collectionL2] == address(0)))

|| (force == true)) {

_l1ToL2Addresses[collectionL1] = collectionL2;

_l2ToL1Addresses[collectionL2] = collectionL1;

} else {

revert CollectionMappingAlreadySet();

}

As we can see in the implementation on L1Bridge if the collections are already set we are not resetting them unless we activate the force parameter.

This implementation is not the same as that in L2Bridge, where we are setting the collection addresses, without checking it or supporting forcing functionality.

bridge.cairo#L360-L364

fn set_l1_l2_collection_mapping(ref self: ContractState, collection_l1: EthAddress, collection_l2: ContractAddress) {

ensure_is_admin(@self);

self.l1_to_l2_addresses.write(collection_l1, collection_l2);

self.l2_to_l1_addresses.write(collection_l2, collection_l1);

}

As we can see forcing feature is not supported we are just modifying the collections without providing the checks we did in L1Bridge.

So the two bridges do not have the same implementation when setting l1<->l2 addresses manually.

Recommendations

Implement the forcing check that is in L1Bridge in L2Bridge.

Updates

Lead Judging Commences

n0kto Lead Judge about 1 year ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Prize pool breakdown

Total prize

60,000 USDC

nSLOC

2,301

26 USDC / LOC

High Medium

50,000 USDC

Low

5,500 USDC

Judges

4,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.