NFTBridge
60,000 USDC
Submission Details
Severity: low
Invalid

_verifyRequestAddresses not called under cancelRequest function, which can deteriorate the mapping between the request addresses and the storage

Summary
_verifyRequestAddresses not called under cancelRequest function, which can deteriorate the mapping between the request addresses and the storage

Vulnerability Details
cancelRequest does not call _verifyRequestAddresses to verify the mapping between the request address and storage, which is an important function implemented in the collection manager to check all the addresses stored under storage and to verify them against the collection.
This can cause a discrepancy between the actual cancel request cancellation params and the params stored under storage. For example, if a user provides a false request whose req.collectionL1 and req.collectionL2 do not match the storage, this can possibly lead to the wrong item being cancelled or a DOS of the cancellation function. Furthermore, if a malicious user guesses a correct payload and a nonce, he can cancel the ongoing request.

Impact
DOS of a function, or a malicious user can cancel any other ongoing request.

Tools Used

Recommendations
Add a _verifyRequestAddresses check under cancelRequest function.

Updates

Lead Judging Commences

n0kto Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
Assigned finding tags:

invalid-cancel-callable-by-anyone

The process to cancel a message is detailed here: https://docs.starknet.io/architecture-and-concepts/network-architecture/messaging-mechanism/#l2-l1_message_cancellation
Since `startRequestCancellation` has the `onlyOwner`, only the owner can begin that process.
