ArkProject: NFT Bridge

Title

Underpaid deposit transaction will never be relayed and result in loss of nft.

Line of code

https://github.com/Cyfrin/2024-07-ark-project/blob/273b7b94986d3914d5ee737c99a59ec8728b1517/apps/blockchain/ethereum/src/Bridge.sol#L137

Vulnerability Details

From the starknet documentation:
https://docs.starknet.io/architecture-and-concepts/network-architecture/messaging-mechanism/#l1-l2-message-fees

An L1 → L2 message induces a transaction on L2, which, unlike regular transactions, is not sent by an account. This calls for a different mechanism for paying the transaction’s fee, for otherwise the sequencer has no incentive of including L1 handler transactions inside a block.

and From Cairo Language Documentation
https://book.cairo-lang.org/ch16-04-L1-L2-messaging.html#cairo-serde

It's important to note that we have {value: msg.value}. In fact, the minimum value we've to send here is 20k wei, due to the fact that the StarknetMessaging contract will register the hash of our message in the storage of Ethereum.

In addition to those 20k wei, since the L1HandlerTransaction executed by the sequencer is not tied to any account (the message originates from L1), you must also ensure that you pay enough fees on L1 for your message to be deserialized and processed on L2.

Now if we look at the Starklane::depositTokens(), it used to deposit token in escrow and initiates the transfer to Starknet.

But there is no validation to ensure this msg.value is paid enough when deposit the NTF and send the message out. An under-paid message will result in stuck of nft.

Impact

Loss of user's NFT due to not supplying enough gas for cross chain transfer.

Tools Used

Manual Review

Recommendations

We recommend to check if the user has sent enough which should not be lesser than is 20k wei.