L2AssetRouter::_ensureTokenRegisteredWithNTV will always return zero, as assetId variable is never updated inside the function
Summary
L2AssetRouter::_ensureTokenRegisteredWithNTV function is supposed to return the asset Id of the registered token. However, this value is never set and the function is always returning a default bytes32 value.
Vulnerability Details
L2AssetRouter::_ensureTokenRegisteredWithNTV function is used to get the asset Id corresponding to the token address passed as argument. However, even when the function actually perform some calculations, the returned assetId variable is never updated. This results in an incorrect return value, causing processes that rely on this data to fail.
Impact
Impact: High
Functions that depend on the return value of L2AssetRouter::_ensureTokenRegisteredWithNTV will always fail.
Likelihood: Medium
Tools Used
Manual Review
Recommendations
Update the assetId variable after perform the calculations within the function.
Lead Judging Commences
`L2AssetRouter._ensureTokenRegisteredWithNTV` `assetId` return value is never assigned, which will cause `withdrawToken` to fail
Appeal created
`L2AssetRouter._ensureTokenRegisteredWithNTV` `assetId` return value is never assigned, which will cause `withdrawToken` to fail
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.