zkSync Era - rvierdiiev's results

General Information

Platform: Code4rena

Start Date: 07/03/2024

Pot Size: $250,000 USDC

Total HM: 5

Participants: 24

Period: 21 days

Judge: 0xsomeone

Total Solo HM: 3

Id: 347

League: ETH

zkSync

Findings Distribution

Researcher Performance

Rank: 3/24

Findings: 2

Award: $6,276.97

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

Labels

bug
2 (Med Risk)
downgraded by judge
partial-75
edited-by-warden
:robot:_07_group
duplicate-97

Awards

423.8686 USDC - $423.87

External Links

Lines of code

https://github.com/code-423n4/2024-03-zksync/blob/main/code/contracts/ethereum/contracts/state-transition/StateTransitionManager.sol#L166

Vulnerability details

Proof of Concept

Using the StateTransitionManager.freezeChain function, the admin can freeze a specific chain. This means that all non-freezable facets will no longer be callable.

The StateTransitionManager.unfreezeChain function should do the opposite; however, by mistake it calls freeze as well, which means it will not be possible to unfreeze the proxy.

Impact

It is not possible to unfreeze the proxy; an upgrade is required to recover.

Tools Used

VsCode

Recommended Mitigation Steps

Use the correct function to unfreeze.

Assessed type

Error

#0 - c4-judge

2024-04-02T17:02:53Z

alex-ppg marked the issue as duplicate of #97

#1 - c4-judge

2024-04-02T17:03:32Z

alex-ppg changed the severity to 3 (High Risk)

#2 - c4-judge

2024-04-29T13:51:53Z

alex-ppg changed the severity to 2 (Med Risk)

#3 - c4-judge

2024-04-29T13:54:36Z

alex-ppg marked the issue as partial-75

Findings Information

🌟 Selected for report: bin2chen

Also found by: rvierdiiev

Labels

bug
2 (Med Risk)
partial-50
:robot:_50_group
duplicate-77

Awards

5853.0975 USDC - $5,853.10

External Links

Lines of code

https://github.com/code-423n4/2024-03-zksync/blob/main/code/contracts/zksync/contracts/bridge/L2SharedBridge.sol#L87-L91

Vulnerability details

Proof of Concept

The L2SharedBridge.finalizeDeposit function may be called by the L1 shared bridge or by the legacy bridge.

The problem is that the legacy bridge address is not stored during initialization, so finalization of legacy deposits will not work.

Impact

Finalization of legacy deposits will not work.

Tools Used

VsCode

Recommended Mitigation Steps

Save l1LegacyBridge variable.

Assessed type

Error
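As an added illustration (not zkSync's code and not part of this submission), a constructed, simplified contract pair showing the missed storage write described above next to the one-line fix; the storage layout, function signatures and the L1 sender check are assumptions:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed, simplified illustration of the finding (not zkSync's code).
// Storage layout, function signatures and the sender check are assumptions.
contract L2SharedBridgeBuggy {
    address public l1Bridge;
    address public l1LegacyBridge;
    mapping(address => uint256) public finalized;

    function initialize(address _l1Bridge, address _l1LegacyBridge) external {
        require(l1Bridge == address(0), "already initialized");
        l1Bridge = _l1Bridge;
        // BUG: _l1LegacyBridge is accepted but never written to storage,
        // so l1LegacyBridge stays address(0) for the life of the proxy.
    }

    // Deposits relayed by the legacy bridge always revert here: the legacy
    // sender is compared against address(0), which msg.sender never equals.
    modifier onlyL1Bridges() {
        require(msg.sender == l1Bridge || msg.sender == l1LegacyBridge, "only L1 bridge");
        _;
    }

    function finalizeDeposit(address _l2Receiver, uint256 _amount) external onlyL1Bridges {
        finalized[_l2Receiver] += _amount;
    }
}

// Fixed version: the single missing assignment in initialize().
contract L2SharedBridgeFixed {
    address public l1Bridge;
    address public l1LegacyBridge;
    mapping(address => uint256) public finalized;

    function initialize(address _l1Bridge, address _l1LegacyBridge) external {
        require(l1Bridge == address(0), "already initialized");
        l1Bridge = _l1Bridge;
        l1LegacyBridge = _l1LegacyBridge; // FIX: persist the legacy bridge address
    }

    function finalizeDeposit(address _l2Receiver, uint256 _amount) external {
        require(msg.sender == l1Bridge || msg.sender == l1LegacyBridge, "only L1 bridge");
        finalized[_l2Receiver] += _amount;
    }
}
```

A unit test that calls finalizeDeposit from the configured legacy bridge address is enough to catch this: it reverts on the buggy contract and succeeds on the fixed one.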

#0 - c4-judge

2024-04-02T16:59:02Z

alex-ppg marked the issue as duplicate of #77

#1 - c4-judge

2024-04-29T13:58:15Z

alex-ppg marked the issue as partial-50

#2 - rvierdiiev

2024-04-29T21:13:56Z

Hello @alex-ppg, can you explain why you set partial on this report? While short, it describes which functionality will not work, why it won't, and how to fix it.

#3 - alex-ppg

2024-05-02T10:31:45Z

Hey @rvierdiiev, the submission is imprecise and lacks sufficient elaboration in comparison to its duplicate. I understand that the error is obvious, but the difference in effort between the submissions is tangible.

#4 - rvierdiiev

2024-05-02T10:40:57Z

@alex-ppg I understood your point and want to add my thoughts. If possible, imagine someone also created super interesting images that show the error (diagrams); then that person put in even more effort, and so on (this is what "selected for" is meant to make people do :)). I think that it should be enough to get the problem to the judge, and I believe that I did that.

I don't want to argue with you by any means and will accept the decision; I just think that in the case of such an easy bug the explanation was enough and a 50% cutoff is severe.

#5 - alex-ppg

2024-05-02T10:46:48Z

Hey @rvierdiiev, I understand diagrams and PoCs are "boilerplate" and do not necessarily provide value, but the Warden put more effort than superficial enhancements. For example, the following point in your submission is unclear:

Save l1LegacyBridge variable.

This statement does not mean anything by itself, as what is the correct configuration of the l1LegacyBridge variable? Your submission does not link the L2SharedBridge::initialize function at all so there is insufficient context to know that the _l1LegecyBridge variable is not saved during initialization. The root cause of the issue is not the one referenced by this submission, but rather the one referenced by the primary. It also uses incorrect terminology as the l1LegacyBridge variable is never saved but rather written to. The _l1LegecyBridge variable is saved to the l1LegacyBridge data location and this context is nowhere inferred by the submission.

I appreciate your PJQA contribution, but consider the 50% reduction to be fair to the primary exhibit's warden. I advise pinpointing the root cause of the issue you describe in your submission and making sure that all relevant data points are properly depicted in it without having to "infer" things from the code itself.
