NFTBridge
60,000 USDC
Submission Details
Severity: low
Invalid

Payload check does not exist when Bridging from `L2` to `L1`

Vulnerability Details

When bridging NFTs from L1 to L2, there is a check that ensures the payload data we are bridging does not exceed MAX_PAYLOAD_LENGTH, which is set to 300.

Bridge.sol#L134-L136

```solidity
if (payload.length >= MAX_PAYLOAD_LENGTH) {
    revert TooManyTokensError();
}
```

But if we check bridge.cairo, we find that this check is not implemented: we are not checking whether the payload length exceeds a certain value.

bridge.cairo#L292-L299

```cairo
let mut buf: Array<felt252> = array![];
req.serialize(ref buf);
starknet::send_message_to_l1_syscall(
    self.bridge_l1_address.read().into(),
    buf.span(),
)
    .unwrap_syscall();
```

This makes L1Bridge and L2Bridge work with different logic, where one of them restricts the payload length and the other does not.

Tools Used

Manual Review

Recommendations

Implement the max payload check in L2Bridge.
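
The mismatch described in this finding, modelled as an added example (not part of the submission or the project's code). The Python functions stand in for the quoted Solidity guard and the unguarded Cairo path; the two `l2_mirror_*` guards are hypothetical, and both sides are assumed to count payload length in the same units.

```python
# Added example: models the two bridge sides as pure predicates on payload length.
MAX_PAYLOAD_LENGTH = 300  # value stated in the finding


def l1_accepts(payload_len: int) -> bool:
    """Bridge.sol guard as quoted: revert when payload.length >= MAX_PAYLOAD_LENGTH."""
    return not (payload_len >= MAX_PAYLOAD_LENGTH)


def l2_unchecked(payload_len: int) -> bool:
    """bridge.cairo as quoted: the buffer is sent with no length test."""
    return True


def l2_mirror_strict(payload_len: int) -> bool:
    """Hypothetical L2 guard that uses the same boundary as L1."""
    return payload_len < MAX_PAYLOAD_LENGTH


def l2_mirror_off_by_one(payload_len: int) -> bool:
    """Hypothetical L2 guard written with '>' where L1 uses '>='."""
    return not (payload_len > MAX_PAYLOAD_LENGTH)


def divergent_lengths(side_a, side_b, lengths):
    """Return every length on which the two sides disagree about acceptance."""
    return [n for n in lengths if side_a(n) != side_b(n)]


# Constructed sample input: every length from 0 up to twice the limit.
SAMPLE_LENGTHS = range(0, 2 * MAX_PAYLOAD_LENGTH)

if __name__ == "__main__":
    candidates = [
        ("no check on L2", l2_unchecked),
        ("mirror with '>'", l2_mirror_off_by_one),
        ("mirror with '>='", l2_mirror_strict),
    ]
    for name, guard in candidates:
        diff = divergent_lengths(l1_accepts, guard, SAMPLE_LENGTHS)
        span = f"{diff[0]}..{diff[-1]}" if diff else "none"
        print(f"{name:18s} diverges from L1 on lengths: {span}")
```

A mirrored guard only brings the two sides into agreement if it keeps the `>=` boundary: with `>`, a payload of exactly 300 is still treated differently.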

Updates

Lead Judging Commences

n0kto Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational / Gas

Please, do not suppose impacts, think about the real impact of the bug and check the CodeHawks documentation to confirm: https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity A PoC always helps to understand the real impact possible.
