ArkProject: NFT Bridge

NFTBridge
60,000 USDC
Submission Details
Severity: low
Invalid

The cancelRequest function in the contract allows the cancellation of any request without verifying the caller's authority or ownership of the request. This could lead to unauthorized request cancellations.

Updates

Lead Judging Commences

Lead Judge about 2 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

invalid-cancel-callable-by-anyone

The process to cancel a message is detailed here: https://docs.starknet.io/architecture-and-concepts/network-architecture/messaging-mechanism/#l2-l1_message_cancellation Since `startRequestCancellation` has the `onlyOwner`, only the owner can begin that process.

Support

FAQs

Can’t find an answer? Join our Discord or follow us on Twitter.

Cyfrin
Updraft
CodeHawks
Solodit
Resources