cancelRequest does not handle paused state
Summary
The Starklane contract contains a vulnerability where the cancelRequest function does not respect the paused state of the bridge. This allows request cancellations to proceed even when the bridge is paused, which is an unintended behaviour within the contract state
Vulnerability Details
The cancelRequest function is designed to cancel pending requests by interacting with the Starknet messaging system. However, the function does not check whether the bridge is enabled before performing the cancellation. This oversight can allow request cancellations to occur even when the bridge is paused, which contradicts the expected behavior of a paused system.
Impact
The impact of this vulnerability is significant. Allowing actions to proceed on a paused bridge undermines the purpose of the pause functionality, which is typically used to halt operations during emergencies or when critical issues are detected.
Tools Used
Manual code review
Recommendations
Modify the cancelRequest function to include a check that ensures the bridge is enabled before allowing any cancellations to proceed.
require(_enabled, "Bridge is paused");
Lead Judging Commences
invalid-cancel-when-bridge-disable
Technically, if you cancel a message, the token is not really bridged. If you can withdraw, it means that the token has already been bridged. Those two funtions do not have to be disable when the bridge is. Moreover nothing should prevent users to get back their NFT.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.