Era

ZKsync
Foundry, Layer 2
500,000 USDC
Submission Details
Severity: medium
Valid

Lack of Validation on chainId in Mapping

Summary

https://github.com/Cyfrin/2024-10-zksync/blob/cfc1251de29379a9548eeff1eea3c78267288356/era-contracts/l1-contracts/contracts/bridge/L2WrappedBaseTokenStore.sol#L68

https://github.com/Cyfrin/2024-10-zksync/blob/cfc1251de29379a9548eeff1eea3c78267288356/era-contracts/l1-contracts/contracts/bridge/L2WrappedBaseTokenStore.sol#L90

https://github.com/Cyfrin/2024-10-zksync/blob/cfc1251de29379a9548eeff1eea3c78267288356/era-contracts/l1-contracts/contracts/bridge/L2WrappedBaseTokenStore.sol#L80

The L2WrappedBaseTokenStore contract lacks validation for the chainId parameter when setting the L2 wrapped base token address. This could lead to improper entries in the l2WBaseTokenAddress mapping and may allow unauthorized or misleading entries, creating potential security and functional risks.

Vulnerability Details

The _setWBaseTokenAddress, initializeChain, and reinitializeChain functions allow any chainId to be added to the l2WBaseTokenAddress mapping without verification.

Cause: Lack of validation checks on the chainId parameter.

Attackers could add arbitrary or duplicate chainId entries, potentially mapped to malicious contracts or addresses. This could result in unintended interactions, particularly if another function or contract relies on the validity of the chainId entries.

Impact

The absence of chainId validation allows any chainId to be used in the mapping. This could result in:

Incorrect or Unauthorized Chain Entries: Malicious actors might add arbitrary chainId entries, potentially with invalid or misleading addresses, which could disrupt applications that rely on accurate data for specific chainId values.

Confusion and Inconsistency: The mapping might contain invalid or duplicate chainId entries, complicating management and auditing of token addresses associated with valid chains.

Potential for Spoofing or Phishing: Attackers could add entries for fake or unexpected chainIds, potentially tricking users or contracts that use this mapping into interacting with malicious addresses.

Tools Used

Recommendations

Implement Chain ID Validation: Restrict valid chainId values by checking against a predefined list or registry of legitimate blockchain networks. This ensures only approved chainIds can be used in the mapping.

Add a chainId Uniqueness Check: Before adding or modifying an entry, ensure the chainId does not already exist unless explicitly allowed.

Establish an Access Control Mechanism: Consider requiring explicit owner approval to add new chainId entries to ensure they’re valid.

Event Monitoring: Enhance logging with specific events to monitor additions to chainId entries, allowing easier auditing and detection of potentially unauthorized updates.
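
The four recommendations above combined in one contract, as an added sketch that is not the audited ZKsync code. Only the function and mapping names come from the finding; the contract name, the IChainRegistry interface, the errors and the event are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical registry of approved chains (assumption, not a ZKsync interface).
interface IChainRegistry {
    function isRegistered(uint256 chainId) external view returns (bool);
}

// Illustrative store applying the recommendations; not the audited contract.
contract ValidatedWBaseTokenStore {
    address public immutable owner;
    IChainRegistry public immutable registry;
    mapping(uint256 chainId => address token) public l2WBaseTokenAddress;

    // Old and new values are both logged so overwrites are visible to monitoring.
    event WBaseTokenSet(uint256 indexed chainId, address indexed oldToken, address indexed newToken);

    error Unauthorized();
    error ZeroAddress();
    error UnknownChain(uint256 chainId);
    error AlreadyInitialized(uint256 chainId);
    error NotInitialized(uint256 chainId);

    modifier onlyOwner() {
        if (msg.sender != owner) revert Unauthorized();
        _;
    }

    constructor(address _owner, IChainRegistry _registry) {
        if (_owner == address(0) || address(_registry) == address(0)) revert ZeroAddress();
        owner = _owner;
        registry = _registry;
    }

    // First-time set: rejects a chainId that already has an entry (uniqueness check).
    function initializeChain(uint256 _chainId, address _token) external onlyOwner {
        if (l2WBaseTokenAddress[_chainId] != address(0)) revert AlreadyInitialized(_chainId);
        _setWBaseTokenAddress(_chainId, _token);
    }

    // Explicit overwrite path: only valid for a chainId that was initialized before.
    function reinitializeChain(uint256 _chainId, address _token) external onlyOwner {
        if (l2WBaseTokenAddress[_chainId] == address(0)) revert NotInitialized(_chainId);
        _setWBaseTokenAddress(_chainId, _token);
    }

    // Shared checks live here so neither entry point can skip chainId validation.
    function _setWBaseTokenAddress(uint256 _chainId, address _token) private {
        if (_token == address(0)) revert ZeroAddress();
        if (!registry.isRegistered(_chainId)) revert UnknownChain(_chainId);
        emit WBaseTokenSet(_chainId, l2WBaseTokenAddress[_chainId], _token);
        l2WBaseTokenAddress[_chainId] = _token;
    }
}
```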

Updates

Lead Judging Commences

inallhonesty Lead Judge 5 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Lack of Validation on chainId in Mapping inside L2WrappedBaseTokenStore
