NFTBridge
60,000 USDC
Submission Details
Severity: low
Invalid

Users are potentially DOSed when depositing tokens

Summary

Users are potentially DOSed when depositing tokens

Vulnerability Details

When depositing tokens to the bridge, the Bridge::depositTokens function checks the length of the payload of the message to be sent to the Starknet network. Here is the check on the payload's length:

File: apps/blockchain/ethereum/src/Bridge.sol

    if (payload.length >= MAX_PAYLOAD_LENGTH) { /// @audit wrong check on MAX_PAYLOAD_LENGTH
        revert TooManyTokensError();
    }

In the case the payload's length equals MAX_PAYLOAD_LENGTH, the transaction will revert. It should go through as MAX_PAYLOAD_LENGTH is the maximum length a payload can be. This results in a TooManyTokensError revert when the payload length is exactly the maximum allowed, preventing the user from depositing the desired tokens.

Impact

Users are prevented from depositing their tokens when the payload length is exactly MAX_PAYLOAD_LENGTH.

Tools Used

Manual review.

Recommendations

Change the check to this:

    if (payload.length > MAX_PAYLOAD_LENGTH) {
        revert TooManyTokensError();
    }

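
The boundary behaviour described in this finding can be pinned down with a test. The following Foundry test is an added example, not code from the submission or from the project: `PayloadLimitHarness`, the test contract, the `uint256[]` payload type and the value 300 for `MAX_PAYLOAD_LENGTH` are assumptions made so the file compiles on its own; only the two `if` conditions and the `TooManyTokensError` name come from the page.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Stand-alone harness (hypothetical), not the project's Bridge.sol.
contract PayloadLimitHarness {
    error TooManyTokensError();
    // Placeholder value (assumption); substitute the constant the project defines.
    uint256 public constant MAX_PAYLOAD_LENGTH = 300;

    // Check as quoted in the finding: rejects length == MAX_PAYLOAD_LENGTH.
    function checkReported(uint256[] memory payload) external pure {
        if (payload.length >= MAX_PAYLOAD_LENGTH) revert TooManyTokensError();
    }

    // Check as recommended in the finding: accepts length == MAX_PAYLOAD_LENGTH.
    function checkRecommended(uint256[] memory payload) external pure {
        if (payload.length > MAX_PAYLOAD_LENGTH) revert TooManyTokensError();
    }
}

contract PayloadLimitBoundaryTest is Test {
    PayloadLimitHarness internal h;
    uint256 internal limit;

    function setUp() public {
        h = new PayloadLimitHarness();
        limit = h.MAX_PAYLOAD_LENGTH();
    }

    // The exact case the finding describes: a payload of exactly the limit.
    function test_atLimit_onlyRecommendedAccepts() public {
        uint256[] memory p = new uint256[](limit);
        h.checkRecommended(p); // must not revert
        vm.expectRevert(PayloadLimitHarness.TooManyTokensError.selector);
        h.checkReported(p);
    }

    // Fuzz: the reported check accepts len < limit, the recommended one
    // accepts len <= limit, so the two differ only at len == limit.
    function testFuzz_checksDifferOnlyAtLimit(uint256 len) public {
        len = bound(len, 0, 2 * limit);
        uint256[] memory p = new uint256[](len);
        (bool reportedOk, bool recommendedOk) = (false, false);
        try h.checkReported(p) { reportedOk = true; } catch {}
        try h.checkRecommended(p) { recommendedOk = true; } catch {}
        assertEq(reportedOk, len < limit);
        assertEq(recommendedOk, len <= limit);
    }
}
```

The harness only isolates the comparison; whether a payload of exactly `MAX_PAYLOAD_LENGTH` can be produced by a real deposit depends on how the project builds the payload, which this page does not show.
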
Updates

Lead Judging Commences

n0kto Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational / Gas

Please, do not suppose impacts, think about the real impact of the bug and check the CodeHawks documentation to confirm: https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity A PoC always helps to understand the real impact possible.
