The verify_collection_address function in collection-manager.cairo performs its l1_req / l1_bridge consistency check only after the L2-side conditions have been evaluated. Under specific inputs this ordering lets the L1 check be skipped entirely, which can be used to override a collection address.
Because the l1_req and l1_bridge comparison sits after the l2_req / l2_bridge branch, the path taken when l2_req and l2_bridge are both zero returns a zero contract address before the L1 addresses are ever compared. An attacker who submits a request in which l2_req and l2_bridge are zero but l1_req differs from l1_bridge therefore receives a zeroed result without any L1 validation, and can use that result to override the collection address.
An attacker could use this to manipulate the mapping between L1 and L2 collection addresses, which could lead to unauthorized control or mismanagement of bridged collections; in a production deployment the consequences would be severe.
Move the l1_req and l1_bridge checks to the beginning of verify_collection_address so that they run before any branch can return. With the L1 validation performed first, no input combination can reach the early return that skips it, and the function can no longer be used to override collection addresses.
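The control flow described above and the recommended reordering, side by side, as an added example. This is a Python model written for this page, not the project's Cairo code: addresses are modelled as ints with 0 meaning "unset", the body of each function is an assumed reconstruction of the ordering the finding describes, and the zero check on l1_req in the fixed version is an assumption rather than something the finding states.

```python
# Added example (Python model), not the project's Cairo code. Addresses are
# modelled as ints with 0 meaning "unset"; the control flow inside each
# function is an assumed reconstruction of what the finding describes.


class InvalidCollection(Exception):
    """Stands in for the contract panicking or failing an assert."""


def verify_collection_address_vulnerable(l1_req: int, l2_req: int,
                                         l1_bridge: int, l2_bridge: int) -> int:
    """Assumed original ordering: the L2-side branch is chosen first, and the
    l1_req == l1_bridge comparison is only reached on some of its paths."""
    if l2_req == 0:
        if l2_bridge == 0:
            # Treated as "collection not yet bridged": returns the zero
            # address without ever comparing l1_req against l1_bridge.
            return 0
        if l1_bridge != l1_req:
            raise InvalidCollection("L1 address mismatch")
        return l2_bridge
    if l2_bridge != l2_req:
        raise InvalidCollection("L2 address mismatch")
    if l1_bridge != l1_req:
        raise InvalidCollection("L1 address mismatch")
    return l2_req


def verify_collection_address_fixed(l1_req: int, l2_req: int,
                                    l1_bridge: int, l2_bridge: int) -> int:
    """Mitigation from the finding: the L1 checks run first, so no branch can
    return before them. A recorded l1_bridge of 0 is taken to mean the bridge
    has no record yet, so there is nothing to compare against (assumption)."""
    if l1_req == 0:
        # Assumed extra guard: a request must always carry its L1 address.
        raise InvalidCollection("L1 request address cannot be zero")
    if l1_bridge != 0 and l1_bridge != l1_req:
        raise InvalidCollection("L1 address mismatch")
    if l2_req == 0:
        # No L2 address in the request: fall back to the bridge's record,
        # which is the zero address if the collection was never bridged.
        return l2_bridge
    if l2_bridge != l2_req:
        raise InvalidCollection("L2 address mismatch")
    return l2_req


def run_case(fn, **addrs) -> str:
    """Run one verifier and report 'accepted:<addr>' or 'rejected:<reason>'."""
    try:
        return f"accepted:{fn(**addrs):#x}"
    except InvalidCollection as exc:
        return f"rejected:{exc}"


# Constructed inputs for the case in the finding: no L2 address on either
# side, but the request's L1 address differs from the bridge's record.
MISMATCH_CASE = dict(l1_req=0xA11CE, l2_req=0, l1_bridge=0xB0B, l2_bridge=0)

if __name__ == "__main__":
    print("vulnerable:", run_case(verify_collection_address_vulnerable, **MISMATCH_CASE))
    print("fixed:     ", run_case(verify_collection_address_fixed, **MISMATCH_CASE))
```

On the constructed mismatch input the assumed original ordering returns the zero address, while the reordered version rejects the request with an L1 mismatch; legitimate first-bridging and already-bridged inputs produce the same results in both versions, so the reordering only removes the skipped path.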