NFTBridge
60,000 USDC
Submission Details
Severity: low
Invalid

Messages can be stuck in certain scenarios

Summary

Messages can be stuck in certain scenarios

Vulnerability Details

The protocol ensures that the bridge is enabled before any transaction is sent; this is implemented in the withdraw and deposit functions on both bridge contracts, on Starknet and on Ethereum. The issue is that when the L1 bridge is enabled and the Starknet bridge is not yet enabled, all transactions sent from L1 to Starknet will revert on Starknet when the L1 handler tries to call it (https://github.com/Cyfrin/2024-07-ark-project/blob/273b7b94986d3914d5ee737c99a59ec8728b1517/apps/blockchain/starknet/src/bridge.cairo#L134). This will cause the tokens to be stuck on L1 and will force the owner to start cancelling all the messages manually (NB: cancellation takes 5 days to complete). In addition, all the fees paid when sending the message on L1 will be lost, as cancelling a message does not refund fees (fees can go as high as 1 ether).

Impact

Stuck messages and possible lack of funds

Tools Used

Manual Review

Recommendations

Remove the check on bridge.cairo that checks if bridge is enabled or not
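The flow described in the vulnerability details and the recommendation above, as an added toy model that is not part of the original submission and not the ark-project contracts. The names (L1Bridge.deposit, L2Bridge.l1_handler, relay, scenario, the check_enabled switch) are assumptions chosen to mirror the text; the 5-day cancellation delay and the 1 ether fee are the figures the finding quotes. It shows the three outcomes a reviewer would want to compare: both bridges enabled, L1 enabled while L2 is still disabled (message rejected, token released only after the cancellation delay, fee lost), and the submitter's recommendation of dropping the enabled check on the L2 handler.

```python
"""Toy model of the L1 -> Starknet deposit flow described in this finding.

Hypothetical model written for this page, not the ark-project contracts.
Class and method names are assumptions; CANCEL_DELAY_DAYS and ONE_ETHER_WEI
are the figures quoted in the finding.
"""
from dataclasses import dataclass, field

CANCEL_DELAY_DAYS = 5        # cancellation window quoted in the finding
ONE_ETHER_WEI = 10**18       # upper fee bound quoted in the finding


@dataclass
class Message:
    nonce: int
    token_id: int
    fee_wei: int              # paid on L1 at send time, never refunded
    consumed: bool = False    # set when the L2 handler accepts it
    cancelled: bool = False   # set when the owner finalises a cancellation


@dataclass
class L1Bridge:
    enabled: bool = False
    escrowed: set = field(default_factory=set)   # token ids locked on L1
    outbox: list = field(default_factory=list)   # messages sent towards L2
    next_nonce: int = 0

    def deposit(self, token_id: int, fee_wei: int) -> Message:
        """Lock the token on L1 and emit a message for the L2 handler."""
        if not self.enabled:
            raise RuntimeError("L1 bridge disabled")
        self.escrowed.add(token_id)
        msg = Message(self.next_nonce, token_id, fee_wei)
        self.next_nonce += 1
        self.outbox.append(msg)
        return msg

    def cancel(self, msg: Message, days_elapsed: int) -> int:
        """Owner-driven cancellation of a stuck message.

        Returns the fee refunded, which is always 0: the fee was consumed
        when the message was sent, so cancelling only releases the token.
        """
        if days_elapsed < CANCEL_DELAY_DAYS:
            raise RuntimeError("cancellation delay has not elapsed")
        msg.cancelled = True
        self.escrowed.discard(msg.token_id)
        return 0


@dataclass
class L2Bridge:
    enabled: bool = False
    check_enabled: bool = True   # False models the finding's recommendation
    minted: set = field(default_factory=set)

    def l1_handler(self, msg: Message) -> None:
        """Entry point for L1 messages; reverts while the bridge is disabled."""
        if self.check_enabled and not self.enabled:
            raise RuntimeError("L2 bridge disabled")
        self.minted.add(msg.token_id)
        msg.consumed = True


def relay(l1: L1Bridge, l2: L2Bridge) -> list:
    """Deliver every pending L1 message; return those the handler rejected."""
    stuck = []
    for msg in l1.outbox:
        if msg.consumed or msg.cancelled:
            continue
        try:
            l2.l1_handler(msg)
        except RuntimeError:
            stuck.append(msg)
    return stuck


def scenario(l2_enabled: bool, l2_checks_enabled: bool = True,
             fee_wei: int = ONE_ETHER_WEI) -> dict:
    """Run one deposit with the L1 bridge enabled and report its outcome."""
    l1 = L1Bridge(enabled=True)
    l2 = L2Bridge(enabled=l2_enabled, check_enabled=l2_checks_enabled)
    msg = l1.deposit(token_id=42, fee_wei=fee_wei)
    stuck = relay(l1, l2)
    lost_fee = 0
    if stuck:
        # Only exit for a stuck message: wait out the delay, then cancel.
        refunded = l1.cancel(msg, days_elapsed=CANCEL_DELAY_DAYS)
        lost_fee = msg.fee_wei - refunded
    return {
        "stuck": len(stuck),
        "minted_on_l2": msg.token_id in l2.minted,
        "still_escrowed": msg.token_id in l1.escrowed,
        "lost_fee_wei": lost_fee,
        "days_to_recover": CANCEL_DELAY_DAYS if stuck else 0,
    }


if __name__ == "__main__":
    for args in [(True,), (False,), (False, False)]:
        print(args, scenario(*args))
```

The model keeps the L1-side check intact in every run; only the L2 handler's behaviour changes between the second and third scenario, which is exactly the delta the recommendation proposes, so the comparison isolates what removing that single check buys and what it gives up (an L2 handler that mints while the bridge is flagged disabled).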

Updates

Lead Judging Commences

n0kto Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational / Gas

Please, do not suppose impacts, think about the real impact of the bug and check the CodeHawks documentation to confirm: https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity A PoC always helps to understand the real impact possible.

Appeal created

pascal Submitter
9 months ago
n0kto Lead Judge
8 months ago
n0kto Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational / Gas

Please, do not suppose impacts, think about the real impact of the bug and check the CodeHawks documentation to confirm: https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity A PoC always helps to understand the real impact possible.
