ArkProject: NFT Bridge
ArkProject
NFTBridge
60,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

No zero address check for starknet addresses

jokrsec

Summary

Vulnerability Details

In Starknet, addresses are of the felt type. In L1 bridge contract all starknet address are checked if felts using isFelt252 function.

function isFelt252
uint256 val
)
internal
pure
returns (bool)
{
return val < SN_MODULUS;
}

But this doesn't check if the value of address is zero. It is important to check the addresses are zero as much as they are checked if it lies under a felt.

These are the following instances of this issue

setStarklaneL2Address(starklaneL2Address);
setStarklaneL2Selector(starklaneL2Selector);
if (!Cairo.isFelt252(snaddress.unwrap(ownerL2))) {
revert CairoWrapError();
}

Impact

L2 bridge will not be able to handle request correclty locking the NFTs. In some cases user might lose their NFTs is they are transfered to zero address

Tools Used

Manual review

Recommendations

Also check if the address is zero along with isFelt252 and use the below function to cover all instances

function snaddressWrap(
uint256 val
)
internal
pure
returns (snaddress)
{
- if (!isFelt252(val)) {
+ if (val == 0 || !isFelt252(val)) {
revert CairoWrapError();
}
return snaddress.wrap(val);
}
Updates

Lead Judging Commences

n0kto Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational / Gas

Please, do not suppose impacts, think about the real impact of the bug and check the CodeHawks documentation to confirm: https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity A PoC always helps to understand the real impact possible.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.