NFTBridge
60,000 USDC
Submission Details
Severity: high
Valid

Unbounded loop in `_whiteListCollection` will make the bridge unusable

Summary

Pending NFTs might get locked, and the bridge will become unusable after a point, due to the use of unbounded loops.

Vulnerability Details

When NFTs are bridged from L2 -> L1, the user can call the `withdrawTokens` function to withdraw the bridged NFT. If it is the first token of an NFT collection, the corresponding bridgeable collection is deployed on L1, and the address of the deployed contract is whitelisted:

```solidity
collectionL1 = _deployERC721Bridgeable(
    req.name,
    req.symbol,
    req.collectionL2,
    req.hash
);
// update whitelist if needed
_whiteListCollection(collectionL1, true);
```

But the `_whiteListCollection` function loops over the entire collections array to add an entry to the whitelist. Its gas cost therefore grows with the array length. At some point the gas required will exceed the block gas limit, causing the whole transaction to revert.

Impact

  1. Pending NFTs bridged from L2 will be locked forever, and the bridge contract will be unusable from then on.

  2. At some point no more collections can be whitelisted.

Tools Used

Manual review

Recommendations

There has to be a way to remove disabled tokens from the array, or the unbounded loops need to be removed.
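The two options in this recommendation can be combined. The following is an added example, not the bridge's own code: `LinearWhitelist` reproduces the loop pattern as this finding describes it, and `IndexedWhitelist` replaces it with an index mapping so that adding and removing a collection cost constant gas. Contract names, storage variables and `isWhiteListed` are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Pattern described in the finding (hypothetical layout): every call scans
// the whole array, so gas grows with the number of collections ever added.
contract LinearWhitelist {
    address[] internal _collections;

    function _whiteListCollection(address collection) internal {
        uint256 len = _collections.length;
        for (uint256 i = 0; i < len; ++i) {
            if (_collections[i] == collection) return; // already listed
        }
        _collections.push(collection);
    }
}

// Loop-free variant: the mapping stores (array index + 1), 0 means absent.
// Enabling is a push, disabling is a swap-and-pop, both O(1).
contract IndexedWhitelist {
    address[] internal _collections;
    mapping(address => uint256) internal _slot;

    function _whiteListCollection(address collection, bool enable) internal {
        uint256 slot = _slot[collection];
        if (enable) {
            if (slot != 0) return;              // already whitelisted
            _collections.push(collection);
            _slot[collection] = _collections.length;
        } else {
            if (slot == 0) return;              // nothing to remove
            address last = _collections[_collections.length - 1];
            _collections[slot - 1] = last;      // move last entry into the gap
            _slot[last] = slot;
            _collections.pop();
            delete _slot[collection];           // after the move, so removing
        }                                       // the last entry also clears it
    }

    function isWhiteListed(address collection) public view returns (bool) {
        return _slot[collection] != 0;
    }
}
```

The array is kept only so the whitelist stays enumerable off-chain; no on-chain path iterates over it.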

Updates

Lead Judging Commences

n0kto Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-collections-always-withelisted-on-both-chain-withdraw-impossible-collections-array-will-be-OOG

Likelihood: High, once the whitelist option is disabled, collections will grow. Impact: High, withdraw won’t be possible because of Out-Of-Gas.
