ArkProject: NFT Bridge

ArkProject

NFTBridge

60,000 USDC

View results

Previous Next

Submission Details

Severity: high

Valid

Poor Implementation of NFT Collection Whitelisting Causes Permanent Denial of Service (DoS) in Withdrawal Feature

bladesec

Summary

The current implementation of the withdrawal process in the L1 bridge contract automatically adds the associated NFT collection to a whitelist. However, the algorithm used for this whitelisting process has a time complexity of O(N), meaning that as the number of whitelisted NFT collections grows, the gas required for the operation increases significantly. Eventually, this will lead to a situation where the gas required exceeds the block gas limit, effectively causing a permanent Denial of Service (DoS) for the withdrawal feature.

Vulnerability Details

function _whiteListCollection(address collection, bool enable) internal {

if (enable && !_whiteList[collection]) {

bool toAdd = true;

uint256 i = 0;

while(i < _collections.length) {

if (collection == _collections[i]) {

toAdd = false;

break;

}

i++;

}

if (toAdd) {

_collections.push(collection);

}

_whiteList[collection] = enable;

}

The code snippet above shows the implementation of the _whiteListCollection function. This function is invoked in two main scenarios:

When users bridge and withdraw NFTs via the withdrawTokens function.
When an admin enables or disables an NFT collection.

In its current form, the function iterates through the entire list of NFT collections to check if the collection is already included. If the collection is not found in the list, it is then added to the array.

Because this function checks every collection one by one, the amount of gas needed depends on how many collections are already whitelisted. As the list of collections gets longer over time, the gas cost increases, eventually surpassing the block gas limit. This will make it impossible to execute the withdrawal and whitelisting functions, leading to a permanent Denial of Service (DoS).

Impact

If this vulnerability is not addressed, two critical issues will arise:

Users will be unable to bridge NFTs to L1: The withdrawal feature will become unusable, preventing users from transferring their NFTs to L1.
Admins will lose control over NFT collections: Admins will be unable to enable or disable NFT collections, severely limiting the protocol's functionality and governance.

Tools Used

Manual Review

Recommendations

To resolve this issue, the whitelisting process should be optimized by using a mapping instead of an array. This change will improve the time complexity from O(N) to O(1), ensuring that the gas cost remains constant regardless of the number of whitelisted NFT collections.

Updates

Lead Judging Commences

n0kto Lead Judge 11 months ago

Submission Judgement Published

Validated

Assigned finding tags:

finding-collections-always-withelisted-on-both-chain-withdraw-impossible-collections-array-will-be-OOG

Likelyhood: High, once the whitelist option is disabled, collections will grow. Impact: High, withdraw won’t be possible because of Out-Of-Gas.

Prize pool breakdown

Total prize

60,000 USDC

nSLOC

2,301

26 USDC / LOC

High Medium

50,000 USDC

Low

5,500 USDC

Judges

4,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.