NFTBridge
60,000 USDC
Submission Details
Severity: low
Invalid

ERC721 Bridgeable Contracts Are Redeployed Instead of Using Clones on Ethereum and Starknet

Summary

The deployERC721Bridgeable function in Solidity and the deploy_erc721_bridgeable function in Cairo both deploy new instances of the ERC721 bridgeable contract each time they are called, instead of using a clone pattern.

Vulnerability Details

In the provided code, every invocation of the deployERC721Bridgeable function on Ethereum or deploy_erc721_bridgeable on Starknet results in the deployment of a new contract instance. This approach consumes more resources and incurs higher costs for deployment compared to using clone contracts. Cloning involves deploying a single implementation contract and creating multiple proxies or clones that delegate calls to this implementation. By not utilizing a cloning mechanism, the current implementation leads to unnecessary gas costs and inefficiencies in contract deployment.

Impact

Deploying new instances of the contract each time rather than using a clone pattern has the following impacts:

  1. Increased Gas Costs: Each deployment involves significant gas costs, making it more expensive to deploy multiple contracts.

  2. Resource Inefficiency: Deploying multiple instances of the same contract unnecessarily consumes blockchain resources and may lead to scalability issues.

  3. Deployment Overhead: Each contract deployment requires additional setup and initialization, which can be avoided with a cloning approach.

Recommendations

Use Clones for Efficiency: Implement a cloning mechanism where a single implementation contract is deployed and multiple proxies are created. For Ethereum, this can be achieved using the Clones library or other proxy patterns. For Starknet, consider using the ContractFactory pattern to deploy proxies. Read more about the OpenZeppelin Clones library here: https://docs.openzeppelin.com/contracts/4.x/api/proxy#Clones
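To make the clone pattern recommended above concrete, here is an added example (not part of the submission or the NFTBridge code) that builds the ERC-1167 minimal proxy bytecode that OpenZeppelin's Clones library deploys, recognises it in a contract's runtime code, and prices the code-deposit gas. The implementation address and the 10,000-byte contract size are constructed sample values, and the function names are hypothetical.

```python
from typing import Optional

# ERC-1167 minimal proxy: fixed bytes wrapped around a 20-byte implementation address.
EIP1167_PREFIX = bytes.fromhex("363d3d373d3d3d363d73")            # 10 bytes
EIP1167_SUFFIX = bytes.fromhex("5af43d82803e903d91602b57fd5bf3")  # 15 bytes
CREATION_PREFIX = bytes.fromhex("3d602d80600a3d3981f3")           # init code that returns the 45-byte runtime
CODE_DEPOSIT_GAS_PER_BYTE = 200  # gas charged per byte of deployed runtime code


def _addr_bytes(address: str) -> bytes:
    """Decode a hex address (with or without 0x) and enforce the 20-byte length."""
    raw = bytes.fromhex(address[2:] if address.lower().startswith("0x") else address)
    if len(raw) != 20:
        raise ValueError("implementation address must be exactly 20 bytes")
    return raw


def clone_runtime(implementation: str) -> bytes:
    """Runtime code of a clone that DELEGATECALLs every call to `implementation`."""
    return EIP1167_PREFIX + _addr_bytes(implementation) + EIP1167_SUFFIX


def clone_creation_code(implementation: str) -> bytes:
    """Creation (init) code a factory would pass to CREATE/CREATE2 for one clone."""
    return CREATION_PREFIX + clone_runtime(implementation)


def implementation_of(runtime: bytes) -> Optional[str]:
    """Return the delegate target if `runtime` is an exact ERC-1167 clone, else None."""
    if (len(runtime) == 45
            and runtime.startswith(EIP1167_PREFIX)
            and runtime.endswith(EIP1167_SUFFIX)):
        return "0x" + runtime[10:30].hex()
    return None


def code_deposit_gas(runtime_size: int) -> int:
    """Gas paid for storing `runtime_size` bytes of contract code at deployment."""
    return CODE_DEPOSIT_GAS_PER_BYTE * runtime_size


if __name__ == "__main__":
    impl = "0x" + "11" * 20   # constructed sample implementation address
    full_size = 10_000        # constructed size for a full ERC721 deployment, in bytes
    runtime = clone_runtime(impl)
    print("clone runtime bytes:", len(runtime), "-> delegates to", implementation_of(runtime))
    print("code deposit gas, clone:", code_deposit_gas(len(runtime)))
    print("code deposit gas, full contract:", code_deposit_gas(full_size))
```

Because a clone has no constructor of its own, all state must be set through an initializer call after deployment, and a reviewer checking a collection contract can use `implementation_of` on its deployed code to see which logic contract it actually delegates to.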

Updates

Lead Judging Commences

n0kto Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
