Era

ZKsync
Foundry, Layer 2
500,000 USDC
Submission Details
Severity: medium
Valid

The `L1ERC20Bridge.sol:_approveFundsToAssetRouter` function does not support USDT, leading to a revert when USDT is bridged.

Vulnerability Details

The code expects a boolean return value when calling the approve() function. However, USDT's implementation of the approve() function does not return a boolean value, which causes the contract to revert during execution.

https://github.com/Cyfrin/2024-10-zksync/blob/main/era-contracts/l1-contracts/contracts/bridge/L1ERC20Bridge.sol#L230

```solidity
function _approveFundsToAssetRouter(address _from, IERC20 _token, uint256 _amount) internal returns (uint256) {
    uint256 balanceBefore = _token.balanceOf(address(this));
    _token.safeTransferFrom(_from, address(this), _amount);
@-> bool success = _token.approve(address(L1_ASSET_ROUTER), _amount);
@-> if (!success) {
        revert ApprovalFailed();
    }
    uint256 balanceAfter = _token.balanceOf(address(this));
    return balanceAfter - balanceBefore;
}
```

This piece of code is also affected: https://github.com/Cyfrin/2024-10-zksync/blob/main/era-contracts/l1-contracts/contracts/bridge/L1ERC20Bridge.sol#L207

Impact

Any attempt to bridge USDT will revert.

Tools Used

Manual

Recommendations

Use `safeApprove` instead.
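
What a safe-approve style wrapper has to do, shown as an added example that is not code from the submission or from the ZKsync repository. The contracts `NoReturnToken` and `ApproveDemo`, the interface `IERC20Like` and all function names are hypothetical, and the tolerant path is a hand-written sketch rather than a library's implementation.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example: every name in this file is hypothetical.
interface IERC20Like {
    function approve(address spender, uint256 amount) external returns (bool);
}

// Constructed USDT-style token: approve() declares no return value,
// so a call to it comes back with empty return data.
contract NoReturnToken {
    mapping(address => mapping(address => uint256)) public allowance;

    function approve(address spender, uint256 amount) external {
        allowance[msg.sender][spender] = amount;
    }
}

contract ApproveDemo {
    error ApprovalFailed();

    // Same pattern as the finding. The compiler-generated decoder expects
    // at least 32 bytes of return data; NoReturnToken returns none, so this
    // call reverts before `success` is ever inspected.
    function approveChecked(IERC20Like token, address spender, uint256 amount) external {
        bool success = token.approve(spender, amount);
        if (!success) revert ApprovalFailed();
    }

    // Tolerant variant: make a low-level call and accept either a decoded
    // `true` or empty return data. Empty return data only counts when the
    // target has code, because a call to a codeless address also succeeds
    // with nothing returned.
    function approveTolerant(IERC20Like token, address spender, uint256 amount) external {
        (bool ok, bytes memory ret) = address(token).call(
            abi.encodeCall(IERC20Like.approve, (spender, amount))
        );
        bool returnedTrue = ret.length >= 32 && abi.decode(ret, (bool));
        bool noReturn = ret.length == 0 && address(token).code.length > 0;
        if (!ok || !(returnedTrue || noReturn)) revert ApprovalFailed();
    }
}
```

Against a deployed `NoReturnToken`, `approveChecked` reverts and `approveTolerant` sets the allowance; against a token whose `approve` returns `true`, both succeed.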

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Validated
Assigned finding tags:

`L1ERC20Bridge` Uses Unsafe Approvals - USDT won't work
