ArkProject: NFT Bridge
ArkProject
NFTBridge
60,000 USDC
View results
Previous Next
Submission Details
Severity: low
Valid

escrow variable is not being updated in withdraw_auto_from_l1

jokrsec

Summary

State incosistency due to not updating escrow variable after releasing tokens

Vulnerability Details

Tokens native to the chain will be added or locked in the escrow. L2 native tokens when bridged are locked in the escrow. The escrow variable is then updated accordingly.

self.escrow.write((contract_address, token_id), from);

When the tokens are bridged back to native chain, the tokens are released from escrow and transfered to the user.

But in withdraw_auto_from_l1 after the tokens are transfered the escrow variable is not being unset. This would result in a state inconsistancy that even if the tokens are released, escrow state still has the tokens

Impact

State incosistency could lead to severe issues this escrow variable is used in next versions of implementation. For example implementing ERC1155 standard.

Tools Used

Manual review

Recommendations

Unset escrow variable

if is_escrowed {
IERC721Dispatcher { contract_address: collection_l2 }
.transfer_from(from, to, token_id);
+ self.escrow.write((contract_address, token_id), 0);
}
Updates

Lead Judging Commences

n0kto Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

finding-L2-withdrawing-do-not-clean-escrow-mapping

Impact: Incorrect state without any other impact, which deserves a Low according to CodeHawks documentation.

Appeal created

n0kto Lead Judge 12 months ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-L2-withdrawing-do-not-clean-escrow-mapping

Impact: Incorrect state without any other impact, which deserves a Low according to CodeHawks documentation.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.