Platform: Code4rena
Start Date: 02/10/2023
Pot Size: $1,100,000 USDC
Total HM: 28
Participants: 64
Period: 21 days
Judge: GalloDaSballo
Total Solo HM: 13
Id: 292
League: ETH
Rank: 46/64
Findings: 1
Award: $656.33
🌟 Selected for report: 0
🚀 Solo Findings: 0
656.3255 USDC - $656.33
After some transactions, the deposit functions from bridges can't be usable until the deposit limit is disabled.
When a user uses the deposit() function to transfer WETH or any ERC20 from L1 to L2, the _verifyDepositLimit() function checks for a deposit limit.
_verifyDepositLimit(msg.sender, msg.value);
When bridging WETH, the L1WETHBridge's deposit limit is checked, not the user's.
function _verifyDepositLimit(address _depositor, uint256 _amount) internal { IAllowList.Deposit memory limitData = IAllowList(s.allowList).getTokenDepositLimitData(address(0)); // address(0) denotes the ETH if (!limitData.depositLimitation) return; // no deposit limitation is placed for ETH require(s.totalDepositedAmountPerUser[_depositor] + _amount <= limitData.depositCap, "d2"); //@audit !! s.totalDepositedAmountPerUser[_depositor] += _amount; }
The function will revert if the totalDepositedAmountPerUser exceeds the depositCap, which can be quickly inflated by transactions and prevent users from bridging their assets.
Manual Review
the _verifyDepositLimit() needs to check the user's deposit limit instead of bridges.
DoS
#0 - c4-pre-sort
2023-11-02T14:55:11Z
141345 marked the issue as duplicate of #246
#1 - c4-judge
2023-11-24T19:24:50Z
GalloDaSballo marked the issue as satisfactory