ArkProject: NFT Bridge

ArkProject

NFTBridge

60,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

_setL1L2AddressMapping fn doesn't check if the other address in the pair is already mapped

minato7namikazi

Vulnerability Details

function _setL1L2AddressMapping(

address collectionL1,

snaddress collectionL2,

bool force

)

internal

{

if (((snaddress.unwrap(_l1ToL2Addresses[collectionL1]) == 0) && (_l2ToL1Addresses[collectionL2] == address(0)))

|| (force == true)) {

_l1ToL2Addresses[collectionL1] = collectionL2;

_l2ToL1Addresses[collectionL2] = collectionL1;

} else {

revert CollectionMappingAlreadySet();

}

in the '_setL1L2AddressMapping'

The function allows setting a new mapping between L1 and L2 addresses if either the L1 or L2 address is not already mapped (or if 'force' is true). However, it doesn't check if the other address in the pair is already mapped to a different address.

For example, if L1 address A is already mapped to L2 address B, and we call this function with L1 address A and a new L2 address C (assuming C is not mapped), it will create a new mapping without removing the existing one. This could lead to inconsistent state where:

L1 address A is mapped to both L2 addresses B and C
L2 address B still thinks it's mapped to L1 address A

This could cause issues with token bridging

Impact

Admin calls setL1L2CollectionMapping(L1_A, L2_B)
Later, admin calls setL1L2CollectionMapping(L1_A, L2_C) (assuming L2_C is not mapped)
Result: L1_A is now mapped to both L2_B and L2_C, but L2_B still thinks it's mapped to L1_A
This inconsistency could lead to:
- Tokens being minted on L2_C when they should go to L2_B
- Potential double-spending if both L2_B and L2_C can claim ownership of the same L1 tokens
- Confusion in the deposit/withdraw process, potentially leading to locked or lost tokens

Tools Used

Manual review

Recommendations

To fix this, the function should check both addresses and only allow the mapping if both are unmapped (unless 'force' is true, in which case it should remove any existing mappings

Updates

Lead Judging Commences

n0kto Lead Judge 10 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Assigned finding tags:

Informational / Gas

Please, do not suppose impacts, think about the real impact of the bug and check the CodeHawks documentation to confirm: https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity A PoC always helps to understand the real impact possible.

Prize pool breakdown

Total prize

60,000 USDC

nSLOC

2,301

26 USDC / LOC

High Medium

50,000 USDC

Low

5,500 USDC

Judges

4,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.