ZKsync Era
Foundry, Layer 2
500,000 USDC
Submission Details
Severity: medium
Valid

`L1ERC20Bridge` doesn't approve some tokens like USDT

Summary

The `L1ERC20Bridge` implementation only accepts tokens whose `approve` function returns `true`.
Some tokens, such as USDT, do not return anything from `approve`, so a deposit of USDT through the bridge fails.

Vulnerability Details

```solidity
function _approveFundsToAssetRouter(address _from, IERC20 _token, uint256 _amount) internal returns (uint256) {
    uint256 balanceBefore = _token.balanceOf(address(this));
    // The transfer goes through SafeERC20, so a token with no return value is tolerated here...
    _token.safeTransferFrom(_from, address(this), _amount);
    // ...but the approval is a raw IERC20 call that expects a bool to come back.
    bool success = _token.approve(address(L1_ASSET_ROUTER), _amount); // <- the call this finding is about
    if (!success) {
        revert ApprovalFailed();
    }
    uint256 balanceAfter = _token.balanceOf(address(this));
    return balanceAfter - balanceBefore;
}
```

During a deposit through the `L1ERC20Bridge` contract, `_approveFundsToAssetRouter` (shown above) is called to approve the deposited tokens to the asset router.

The function then reverts when `success` is false, which excludes tokens like USDT whose `approve` does not return `true`.

Impact

Tokens like USDT can't be bridged through `L1ERC20Bridge`.

Tools Used

Manual Review

Recommendations

OpenZeppelin's SafeERC20 library, which the function already uses for the transfer, should also be used for the approval to mitigate the issue.
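The following Foundry test is an added example, not code from the ZKsync repository or from this submission. It places a minimal copy of the vulnerable pattern beside a hardened version that routes the approval through SafeERC20's `forceApprove`, and exercises both against a constructed USDT-style token (`NoReturnToken`, a stand-in written for this example) whose `approve` returns nothing and refuses to move a non-zero allowance directly to another non-zero value. The contract names, the `deposit` wrapper and the `router` address are assumptions made for the example; it assumes `forge-std` and OpenZeppelin 4.9+ are installed. One detail worth knowing: for a token that returns no data, the raw `approve` call reverts while Solidity decodes the empty return data, before the `if (!success)` check is ever reached, so the deposit fails either way.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// Constructed USDT-style token for this example: approve() and transferFrom()
/// return nothing, and a non-zero allowance must be reset to zero before changing.
contract NoReturnToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    function mint(address to, uint256 amount) external { balanceOf[to] += amount; }

    function approve(address spender, uint256 value) external {
        require(value == 0 || allowance[msg.sender][spender] == 0, "reset to zero first");
        allowance[msg.sender][spender] = value;
    }

    function transferFrom(address from, address to, uint256 value) external {
        uint256 allowed = allowance[from][msg.sender];
        require(allowed >= value && balanceOf[from] >= value, "insufficient");
        allowance[from][msg.sender] = allowed - value;
        balanceOf[from] -= value;
        balanceOf[to] += value;
    }
}

/// Same shape as the finding: safe transfer in, then a raw approve to the router.
contract VulnerableBridge {
    using SafeERC20 for IERC20;
    error ApprovalFailed();
    address public immutable router; // assumed stand-in for L1_ASSET_ROUTER
    constructor(address _router) { router = _router; }

    function deposit(address from, IERC20 token, uint256 amount) external returns (uint256) {
        uint256 before = token.balanceOf(address(this));
        token.safeTransferFrom(from, address(this), amount);
        bool success = token.approve(router, amount); // reverts on empty return data
        if (!success) revert ApprovalFailed();
        return token.balanceOf(address(this)) - before;
    }
}

/// Hardened variant: forceApprove tolerates a missing return value and
/// falls back to approve(0) + approve(amount) for tokens that require a reset.
contract HardenedBridge {
    using SafeERC20 for IERC20;
    address public immutable router;
    constructor(address _router) { router = _router; }

    function deposit(address from, IERC20 token, uint256 amount) external returns (uint256) {
        uint256 before = token.balanceOf(address(this));
        token.safeTransferFrom(from, address(this), amount);
        token.forceApprove(router, amount);
        return token.balanceOf(address(this)) - before;
    }
}

contract BridgeApprovalTest is Test {
    NoReturnToken usdt;
    IERC20 token;
    VulnerableBridge vulnerable;
    HardenedBridge hardened;
    address user = makeAddr("user");
    address router = makeAddr("router");

    function setUp() public {
        usdt = new NoReturnToken();
        token = IERC20(address(usdt));
        vulnerable = new VulnerableBridge(router);
        hardened = new HardenedBridge(router);
        usdt.mint(user, 1_000e6);
        vm.startPrank(user);
        usdt.approve(address(vulnerable), type(uint256).max);
        usdt.approve(address(hardened), type(uint256).max);
        vm.stopPrank();
    }

    /// The raw approve path cannot bridge the no-return token at all.
    function test_rawApproveReverts() public {
        vm.expectRevert();
        vulnerable.deposit(user, token, 100e6);
    }

    /// forceApprove works on the first deposit and on a later one where the
    /// previous non-zero allowance has not been consumed by the router.
    function test_forceApproveSucceeds() public {
        assertEq(hardened.deposit(user, token, 100e6), 100e6);
        assertEq(usdt.allowance(address(hardened), router), 100e6);
        assertEq(hardened.deposit(user, token, 50e6), 50e6);
        assertEq(usdt.allowance(address(hardened), router), 50e6);
    }
}
```

Run with `forge test --match-contract BridgeApprovalTest`. The second hardened deposit is the case a plain `safeApprove` would also have failed on: the allowance is still non-zero, so only `forceApprove`'s reset-then-set fallback gets the USDT-style token to accept the new value.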

Updates

Lead Judging Commences

inallhonesty Lead Judge 5 months ago
Submission Judgement Published
Validated
Assigned finding tags:

`L1ERC20Bridge` Uses Unsafe Approvals - USDT won't work
