NFTBridge
60,000 USDC
Submission Details
Severity: low
Invalid

User can set a wrong address as owner on L2

Summary
User can set a wrong address as new owner on L2 due to insufficient checks.

Vulnerability Details
In bridge.sol::depositTokens, it only checks whether ownerL2 is a felt252, i.e. it should be less than SN_MODULUS. A user can enter a wrong address which is less than the modulus and it won't revert. E.g. there is an address which doesn't exist yet on L2 but can fit into a felt252 (@return True if the value can fit into a felt252, false otherwise.), and the user deposits their funds to it by mistake, which can lock the funds.

    /**
     * @notice Verifies if the given uint256 can be considered
     * as a felt252.
     * @param val Value to be checked as a felt252.
     * @return True if the value can fit into a felt252, false otherwise.
     */
    function isFelt252(
        uint256 val
    )
        internal
        pure
        returns (bool)
    {
        return val < SN_MODULUS;
    }

Impact
Funds can be locked forever.

Tools Used
manually

Recommendations
Check whether the address exists on L2 or not.
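
An added example, not part of the submission or the audited repository: an off-chain pre-flight check in Python showing that the range test in isFelt252 accepts a mistyped address, while a deployment lookup flags it. It assumes SN_MODULUS is the Starknet field prime; `preflight_owner_l2`, `is_deployed` and the sample addresses are hypothetical, and the L2 lookup is stubbed with a constructed set rather than a real node query.

```python
# Added example; not code from the audited repository.
SN_MODULUS = 2**251 + 17 * 2**192 + 1  # assumed: Starknet field prime
ADDR_BOUND = 2**251 - 256              # Starknet contract addresses lie below this


def is_felt252(val: int) -> bool:
    """Mirror of the Solidity isFelt252 shown above: a pure range check."""
    return 0 <= val < SN_MODULUS


def preflight_owner_l2(owner_hex: str, is_deployed) -> str:
    """Classify an ownerL2 value before a deposit is submitted on L1.

    is_deployed is a hypothetical callback answering "is there a contract
    at this L2 address?"; a real client would ask an L2 node.
    """
    try:
        val = int(owner_hex, 16)
    except ValueError:
        return "reject: not hexadecimal"
    if not is_felt252(val):
        return "reject: does not fit in a felt252"
    if val == 0:
        return "reject: zero address"
    if val >= ADDR_BOUND:
        return "reject: outside the contract address range"
    if not is_deployed(val):
        return "warn: no contract deployed at this address"
    return "ok"


# Constructed sample data, not real addresses.
INTENDED = "0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
TYPO = INTENDED[:-1] + "e"          # one wrong hex digit
DEPLOYED = {int(INTENDED, 16)}      # stand-in for L2 state


def demo() -> dict:
    samples = {"intended": INTENDED, "typo": TYPO,
               "too_large": "0x" + "f" * 64, "above_bound": hex(2**251)}
    return {k: preflight_owner_l2(v, DEPLOYED.__contains__)
            for k, v in samples.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:12} {verdict}")
```
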

Updates

Lead Judging Commences

n0kto Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational / Gas

Please, do not suppose impacts, think about the real impact of the bug and check the CodeHawks documentation to confirm: https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity A PoC always helps to understand the real impact possible.
