ArkProject: NFT Bridge
ArkProject
NFTBridge
60,000 USDC
View results
Previous Next
Submission Details
Severity: low
Valid

The `escrow` storage mapping is not reset to `0` once a token is withdrawn from the bridge on starknet

juan

Summary

See detail

Vulnerability Details

As seen here, when depositing an NFT into escrow, the escrow mapping is set via:

self.escrow.write((contract_address, token_id), from);

Then when withdrawing the NFT, here is the logic for transferring a escrowed token back to a user.

It does not reset the value of the escrow mapping, so the old state persists.

Impact

Whenever reading from the contract's state, the escrow mapping will be incorrect for a particular NFT.

Tools Used

Manual Review

Recommendations

Consider updating the escrow mapping as follows:

if is_escrowed {
IERC721Dispatcher { contract_address: collection_l2 }
.transfer_from(from, to, token_id);
+ self.escrow.write((collection_l2, token_id), ContractAddressZeroable::zero());
}
Updates

Lead Judging Commences

n0kto Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

finding-L2-withdrawing-do-not-clean-escrow-mapping

Impact: Incorrect state without any other impact, which deserves a Low according to CodeHawks documentation.

Appeal created

n0kto Lead Judge 9 months ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-L2-withdrawing-do-not-clean-escrow-mapping

Impact: Incorrect state without any other impact, which deserves a Low according to CodeHawks documentation.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.