Missing Hash Verification in `bridge.cairo::withdraw_auto_from_l1` Function
Description:
The bridge.cairo::withdraw_auto_from_l1 function currently lacks a verification process for the hash associated with token transfer requests from Layer 1 to Layer 2. The hash is a critical component that ensures the integrity of the request data. Without proper hash verification, there is a risk that the data could be tampered with during transmission, leading to potential security vulnerabilities.
Impact:
Failure to verify the hash could allow attackers to alter the data during transmission from Layer 1 to Layer 2, leading to unauthorized or incorrect token transfers. This could compromise the integrity of the token bridge process, resulting in incorrect token balances or potential loss of assets.
Recommended Mitigation:
Implement hash verification within the bridge.cairo::withdraw_auto_from_l1 function to ensure that the data received on Layer 2 matches the data sent from Layer 1. This will help detect and prevent any tampering or data alteration during the transfer process. The following changes are recommended:
Lead Judging Commences
Informational / Gas
Please, do not suppose impacts, think about the real impact of the bug and check the CodeHawks documentation to confirm: https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity A PoC always helps to understand the real impact possible.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.