The feature that disables the bridge is intended to block token transfers between L1 and L2 in case of security concerns. However, there is a flaw in this design. The function that allows users to withdraw their bridged NFTs also checks whether the bridge is enabled. If the bridge is disabled, users are unable to withdraw their NFTs, which is not the intended behavior.
In the code snippet above, the withdrawal function checks if the bridge is enabled. If the bridge is not enabled, the function reverts, meaning it stops execution and no tokens are withdrawn.
This is problematic because the bridge's primary function is to manage the transfer of tokens between L1 and L2. Disabling the bridge should prevent new transfers but should not prevent users from withdrawing their existing NFTs. The current behavior of the contract mistakenly blocks withdrawals when the bridge is disabled, which is not what developers intended.
This bug prevents users from withdrawing their NFTs from the protocol, so users might be unable to access their assets during critical times.
Manual Review
To fix this issue, the withdrawal function should not check the _enabled flag. This change should be applied to both bridge contracts to ensure that users can withdraw their NFTs regardless of whether the bridge is enabled or disabled.
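The recommended shape, as an added sketch that is not the audited project's code: the emergency switch gates the entry path only, and the exit path never reads _enabled. Every name except _enabled is hypothetical, and the claimant mapping stands in for whatever authorization the real bridge uses for withdrawals.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; all names other than _enabled are hypothetical.
interface IERC721 {
    function transferFrom(address from, address to, uint256 tokenId) external;
}

contract BridgeEscrowSketch {
    address public immutable admin;
    bool private _enabled = true;
    // collection => tokenId => address allowed to withdraw (assumed bookkeeping)
    mapping(address => mapping(uint256 => address)) private _claimant;

    error BridgeNotEnabled();
    error NotAdmin();
    error NotClaimant();

    constructor() {
        admin = msg.sender;
    }

    // Emergency switch: toggled by the admin during an incident, upgrade or audit.
    function enableBridge(bool enable) external {
        if (msg.sender != admin) revert NotAdmin();
        _enabled = enable;
    }

    // Entry path: new transfers into the bridge stay gated by the switch.
    function deposit(address collection, uint256 tokenId) external {
        if (!_enabled) revert BridgeNotEnabled();
        _claimant[collection][tokenId] = msg.sender;
        IERC721(collection).transferFrom(msg.sender, address(this), tokenId);
    }

    // Exit path. The flawed form described above carried the same gate here:
    //     if (!_enabled) revert BridgeNotEnabled();
    // The corrected form omits it, so escrowed NFTs can leave while the
    // bridge is disabled.
    function withdraw(address collection, uint256 tokenId) external {
        if (_claimant[collection][tokenId] != msg.sender) revert NotClaimant();
        delete _claimant[collection][tokenId]; // clear state before the external call
        IERC721(collection).transferFrom(address(this), msg.sender, tokenId);
    }
}
```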
Impact: Medium, token won’t be withdrawable until the bridge is enabled again. No real token loss. Likelihood: Low/Medium, bridge would be disabled in case of emergency/upgrade/audit.