NFTBridge
60,000 USDC
Submission Details
Severity: medium
Invalid

Loss of whitelisted collections due to a misimplementation of `_white_list_collection`

Summary

The `_white_list_collection` function overwrites the next pointer of a collection with `no_value` when changing its active status, which leads to loss of nodes in the list.

Vulnerability Details

starknet/src/bridge.cairo#L491-L502

```cairo
fn _white_list_collection(ref self: ContractState, collection: ContractAddress, enabled: bool) {
    let no_value = starknet::contract_address_const::<0>();
    let (current, _) = self.white_listed_list.read(collection);
    if current != enabled {
        let mut prev = self.white_listed_head.read();
        if enabled {
@>          self.white_listed_list.write(collection, (enabled, no_value));
            if prev.is_zero() {
                self.white_listed_head.write(collection);
                return;
            }
            // find last element
            ...
```

In the _white_list_collection function, when changing the active status of a collection, the function writes (enabled, no_value) to the white_listed_list mapping for the collection key. This effectively overwrites the next pointer of the collection with no_value, which could remove it from the list and cause any collections that were supposed to be after this collection in the list to be lost.

Impact

This issue could lead to incorrect behavior of the contract. Collections that are supposed to be in the list could be lost.

Tools Used

Manual review.

Recommendations

+ let (active, next) = self.white_listed_list.read(collection);
+ self.white_listed_list.write(collection, (enabled, next));
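Review bot: `active` in the first added line is bound but never used, and the excerpt above already reads the same storage slot with `let (current, _) = self.white_listed_list.read(collection);`, so the extra read can be dropped by binding the pointer there as `let (current, next) = ...`. These lines also sit in the `if enabled` branch, which in the excerpt continues to a "find last element" step and so appears to append the collection at the tail; carrying over a stored `next` there is only safe if the patch states what the disable path leaves in that slot, because a stale pointer written back before the append could link the tail to an earlier node. The recommendation should show the disable branch alongside this change so the two can be checked together.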

This change ensures that the next pointer of the collection is preserved when changing its active status, preventing the loss of nodes in the list.

Updates

Lead Judging Commences

n0kto Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
