NFTBridge
60,000 USDC
Submission Details
Severity: low
Invalid

Tokens automatic burn is ignored by the bridge

Summary

When bridging tokens from Starknet to Ethereum or vice versa, users can specify whether the tokens they are bridging should be burned once the transfer has been sent. This choice is expressed through the use_deposit_burn_auto parameter in bridge.cairo and the useAutoBurn parameter in Bridge.sol respectively.

However, this choice is ignored: neither contract implements a burning mechanism, so the user's selection has no effect.

Vulnerability Details

On Ethereum, useAutoBurn is ingested as part of the request header, as seen here: https://github.com/Cyfrin/2024-07-ark-project/blob/273b7b94986d3914d5ee737c99a59ec8728b1517/apps/blockchain/ethereum/src/Bridge.sol#L109

The same is true on Starknet as seen here: https://github.com/Cyfrin/2024-07-ark-project/blob/273b7b94986d3914d5ee737c99a59ec8728b1517/apps/blockchain/starknet/src/bridge.cairo#L277C58-L277C79

However, there is no mechanism that burns the tokens once they have been transferred when the user has requested it.

Impact

The user's choice to burn their tokens once bridged is completely ignored.

Tools Used

Recommendations

Consider implementing the autoburn mechanism.
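The pattern the finding describes is a request flag that is parsed and stored but never acted on. The sketch below is an added example written for this page, not the ark-project bridge's code: it shows the flag being ignored next to a deposit path that honours it by burning the escrowed token. The contract name, the DepositRequest struct, the two deposit functions and the minimal interfaces are all assumed names; the burn() signature follows the style of OpenZeppelin's ERC721Burnable.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal ERC-721 surface this example needs (constructed here, not the project's interfaces).
interface IERC721Minimal {
    function transferFrom(address from, address to, uint256 tokenId) external;
}

// Optional burn extension in the style of OpenZeppelin's ERC721Burnable.
interface IERC721Burnable {
    function burn(uint256 tokenId) external;
}

// Hypothetical bridge sketch. DepositRequest, depositIgnoringFlag and depositHonouringFlag
// are assumed names used only to illustrate the finding.
contract AutoBurnExample {
    struct DepositRequest {
        address collection;
        uint256[] tokenIds;
        bool useAutoBurn; // the user's choice; must drive behaviour, not just be stored
    }

    event TokensDeposited(
        address indexed owner,
        address indexed collection,
        uint256[] tokenIds,
        bool burned
    );

    // Mirrors the reported behaviour: the flag is read into the request and then never used,
    // so every token simply stays in escrow regardless of what the user asked for.
    function depositIgnoringFlag(
        address collection,
        uint256[] calldata tokenIds,
        bool useAutoBurn
    ) external {
        DepositRequest memory req = DepositRequest(collection, tokenIds, useAutoBurn);
        for (uint256 i = 0; i < req.tokenIds.length; i++) {
            IERC721Minimal(req.collection).transferFrom(msg.sender, address(this), req.tokenIds[i]);
        }
        // req.useAutoBurn is never consulted: the "burned" field below is always false.
        emit TokensDeposited(msg.sender, collection, tokenIds, false);
    }

    // Hardened form: escrow first so the bridge owns the token, then burn it when asked.
    // A collection without burn() reverts here, which surfaces the unsupported choice
    // instead of silently ignoring it.
    function depositHonouringFlag(
        address collection,
        uint256[] calldata tokenIds,
        bool useAutoBurn
    ) external {
        DepositRequest memory req = DepositRequest(collection, tokenIds, useAutoBurn);
        for (uint256 i = 0; i < req.tokenIds.length; i++) {
            IERC721Minimal(req.collection).transferFrom(msg.sender, address(this), req.tokenIds[i]);
            if (req.useAutoBurn) {
                // The bridge is now the owner, so an ERC721Burnable-style burn is authorised.
                IERC721Burnable(req.collection).burn(req.tokenIds[i]);
            }
        }
        emit TokensDeposited(msg.sender, collection, tokenIds, useAutoBurn);
    }
}
```

The event carries the effective burn state so that an off-chain monitor can compare what the user requested with what actually happened; a mismatch between the request flag and the emitted value is the simplest check for this class of ignored-parameter bug.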

Updates

Lead Judging Commences

n0kto Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational / Gas

Please do not suppose impacts; think about the real impact of the bug and check the CodeHawks documentation to confirm: https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity A PoC always helps to understand the real impact possible.
