Submission Details
Severity:
`withdrawToken` fails to work
Summary
withdrawToken function of L2AssetRouter calls _ensureTokenRegisteredWithNTV to receive registered assetId, but it always return zero because of incorrect implementation, which makes the transaction revert always.
Vulnerability Details
function _ensureTokenRegisteredWithNTV(address _token) internal override returns (bytes32 assetId) {
IL2NativeTokenVault nativeTokenVault = IL2NativeTokenVault(L2_NATIVE_TOKEN_VAULT_ADDR);
nativeTokenVault.ensureTokenIsRegistered(_token);
}
The _ensureTokenRegisteredWithNTV is supposed to check if a token is registered with NTV and return assetId at the end so it can be used in withdrawToken function.
However, it does not assign any value to assetId which returns zero.
Impact
withdrawToken does not work.
Tools Used
Manual Review
Recommendations
_ensureTokenRegisteredWithNTV function should return registered assetId after validation.
Updates
Lead Judging Commences
inallhonesty 5 months ago
Submission Judgement Published Assigned finding tags:
`L2AssetRouter._ensureTokenRegisteredWithNTV` `assetId` return value is never assigned, which will cause `withdrawToken` to fail
Appeal created
inallhonesty
5 months ago
inallhonesty 5 months ago
Submission Judgement Published Assigned finding tags:
`L2AssetRouter._ensureTokenRegisteredWithNTV` `assetId` return value is never assigned, which will cause `withdrawToken` to fail
Prize pool breakdown
Total prize
500,000 USDC
nSLOC
15,74132 USDC / LOC
475,000 USDC
25,000 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.