Submission Details
Severity:
`L1ERC20Bridge.deposit` fails with tokens that revert on zero value approvals
Summary
Some tokens (e.g. BNB) that revert on zero value approvals can't be used in L1ERC20Bridge.deposit function as it tries to clear allowance on L1_ASSET_ROUTER at the end.
Vulnerability Details
According to weird-tokens:
Some tokens (e.g. BNB) revert when approving a zero value amount (i.e. a call to approve(address, 0)).
Integrators may need to add special cases to handle this logic if working with such a token.
In L1ERC20Bridge.deposit function, it clears the allowance on L1_ASSET_ROUTER:
function deposit(
address _l2Receiver,
address _l1Token,
uint256 _amount,
uint256 _l2TxGasLimit,
uint256 _l2TxGasPerPubdataByte,
address _refundRecipient
) public payable nonReentrant returns (bytes32 l2TxHash) {
...
// clearing approval
>> bool success = IERC20(_l1Token).approve(address(L1_ASSET_ROUTER), 0);
if (!success) {
revert ApprovalFailed();
}
depositAmount[msg.sender][_l1Token][l2TxHash] = _amount;
emit DepositInitiated({
l2DepositTxHash: l2TxHash,
from: msg.sender,
to: _l2Receiver,
l1Token: _l1Token,
amount: _amount
});
}
That means, deposit operation will fail with such tokens.
Impact
The L1ERC20Bridge.deposit function's inability to handle tokens that revert on zero-value approvals could disrupt deposit functionality for such tokens.
Tools Used
Manual Review
Recommendations
Utilize OpenZeppelin's SafeERC20 library to handle token approvals securely.
Updates
Lead Judging Commences
inallhonesty 10 months ago
Submission Judgement Published Assigned finding tags:
Tokens that revert on 0 approval.
Prize pool breakdown
Total prize
500,000 USDC
nSLOC
15,74132
USDC / LOC
475,000 USDC
25,000 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.