Era

ZKsync
Foundry, Layer 2
500,000 USDC
Submission Details
Severity: medium
Valid

The `L1ERC20Bridge.sol:_approveFundsToAssetRouter` function does not support USDT, leading to a revert if USDT is being bridged.

Vulnerability Details

The code expects a boolean return value when calling the approve() function. However, USDT's implementation of the approve() function does not return a boolean value, which causes the contract to revert during execution.

https://github.com/Cyfrin/2024-10-zksync/blob/main/era-contracts/l1-contracts/contracts/bridge/L1ERC20Bridge.sol#L230

```solidity
function _approveFundsToAssetRouter(address _from, IERC20 _token, uint256 _amount) internal returns (uint256) {
    uint256 balanceBefore = _token.balanceOf(address(this));
    _token.safeTransferFrom(_from, address(this), _amount);
    bool success = _token.approve(address(L1_ASSET_ROUTER), _amount); // @->
    if (!success) { // @->
        revert ApprovalFailed();
    }
    uint256 balanceAfter = _token.balanceOf(address(this));
    return balanceAfter - balanceBefore;
}
```

This piece of code is also affected: https://github.com/Cyfrin/2024-10-zksync/blob/main/era-contracts/l1-contracts/contracts/bridge/L1ERC20Bridge.sol#L207

Impact

Any attempt to bridge USDT will revert.

Tools Used

Manual

Recommendations

Use `safeApprove` instead.
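
The failure and a tolerant alternative, side by side, as an added example that is not code from the submission or from the zkSync contracts. `NoReturnToken`, `ApproveDemo`, `strictApprove`, `tolerantApprove` and `run` are hypothetical names; the tolerant path is a hand-written low-level call in the style of safe-approve wrappers, not the library itself.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example: every contract and function name below is hypothetical.
interface IERC20Like {
    function approve(address spender, uint256 amount) external returns (bool);
}

// Stand-in for a USDT-style token: approve() updates state but returns nothing.
contract NoReturnToken {
    mapping(address => mapping(address => uint256)) public allowance;

    function approve(address spender, uint256 amount) external {
        allowance[msg.sender][spender] = amount;
    }
}

contract ApproveDemo {
    error ApprovalFailed();

    // Pattern from the finding: the compiler-generated decoder expects 32 bytes
    // of return data and reverts when the token returns none.
    function strictApprove(IERC20Like token, address spender, uint256 amount) external {
        bool success = token.approve(spender, amount);
        if (!success) revert ApprovalFailed();
    }

    // Tolerant pattern: low-level call, then accept either empty return data
    // from a deployed contract or return data that decodes to true.
    function tolerantApprove(address token, address spender, uint256 amount) external {
        (bool ok, bytes memory ret) = token.call(abi.encodeCall(IERC20Like.approve, (spender, amount)));
        if (!ok) revert ApprovalFailed();
        if (ret.length == 0 ? token.code.length == 0 : !abi.decode(ret, (bool))) revert ApprovalFailed();
    }

    // Exercises both paths against the same no-return token.
    function run() external returns (bool strictReverted, uint256 allowanceAfter) {
        NoReturnToken t = new NoReturnToken();
        address spender = address(0xBEEF); // constructed sample spender
        try this.strictApprove(IERC20Like(address(t)), spender, 1) {} catch {
            strictReverted = true;
        }
        this.tolerantApprove(address(t), spender, 1);
        allowanceAfter = t.allowance(address(this), spender);
    }
}
```

Calling `run()` shows the strict path reverting even though the token's own `approve()` succeeded, because the revert happens in the caller while decoding the missing boolean.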

Updates

Lead Judging Commences

inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Validated
Assigned finding tags:

`L1ERC20Bridge` Uses Unsafe Approvals - USDT won't work
