The depositTokens function in the Starklane bridge contract fails to properly initialize the Request req struct, specifically the tokenValues field. While tokenIds is populated, tokenValues remains unset, which could cause issues when handling token types that require both token IDs and corresponding values. This oversight results in incomplete data being stored in the req object, which could cause inconsistencies or potential issues in token bridging operations.
The Request struct, used to store information about the token bridging operation, includes fields for both tokenIds and tokenValues. The tokenIds field is correctly populated during the execution of the depositTokens function:
However, the tokenValues field is not initialized, leading to an incomplete Request object. The missing initialization could create problems, especially if future logic or functions depend on the tokenValues field, as uninitialized fields can lead to unexpected behavior or errors during execution.
Incomplete Data: The Request req object may be missing crucial information if the tokenValues field is not initialized. Even though it might not have an immediate effect, any logic that relies on this data could malfunction.
Potential for Future Bugs: If the contract is expanded or new features are added that depend on the full initialization of the Request struct, this omission could lead to bugs or unexpected behavior.
Data Consistency Risks: Having partially initialized struct objects can introduce risks of data inconsistency, making the system harder to maintain and reason about in the future.
Manual Code Review
To ensure that the Request struct is fully and consistently initialized, initialize the tokenValues field when creating the Request object. If tokenValues is not used or needed for the specific operation, it should still be initialized with a default or empty array to avoid potential issues.
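The recommendation above, as an added Solidity example that is not taken from the Starklane code base. The three-field `Request` struct is a simplified, hypothetical stand-in, and the contract and function names are assumptions. It puts the pattern described in the finding next to the explicit initialization, and `check` compares the two results as a starting point for assessing impact.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example. Request is a hypothetical, reduced stand-in for the
// bridge's struct; only the fields needed for the comparison are kept.
contract RequestInitDemo {
    struct Request {
        address ownerL1;
        uint256[] tokenIds;
        uint256[] tokenValues;
    }

    // Pattern described in the finding: tokenIds is assigned,
    // tokenValues is never written.
    function buildImplicit(uint256[] memory ids)
        public view returns (Request memory req)
    {
        req.ownerL1 = msg.sender;
        req.tokenIds = ids;
    }

    // Recommended form: every array member is assigned explicitly,
    // using an empty array where the operation carries no values.
    function buildExplicit(uint256[] memory ids)
        public view returns (Request memory req)
    {
        req.ownerL1 = msg.sender;
        req.tokenIds = ids;
        req.tokenValues = new uint256[](0);
    }

    // Reports the length of the unassigned member and whether both
    // requests produce the same ABI encoding.
    function check(uint256[] memory ids)
        external view returns (uint256 implicitLen, bool sameEncoding)
    {
        Request memory a = buildImplicit(ids);
        Request memory b = buildExplicit(ids);
        implicitLen = a.tokenValues.length;
        sameEncoding = keccak256(abi.encode(a)) == keccak256(abi.encode(b));
    }
}
```

Solidity zero-initializes memory variables, so a dynamic-array member of a memory struct that is never assigned is an empty array, not undefined data.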
Please do not suppose impacts; think about the real impact of the bug and check the CodeHawks documentation to confirm: https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity. A PoC always helps to understand the real impact possible.