You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The process_l1_to_l2 function that is in aztec-nr don't fully validate the message, it don't check that:
portal address
chain id
version
Matches. Thereby allowing you to send messages to contracts without proper validation, meaning you can practically infinite mint using any portal on L1 as your sender as long as the format is correct. Chain id and version should also be checked for good measure to handle multi-chain and upgrades.
The text was updated successfully, but these errors were encountered:
…3457)
Fixes#3455 by also checking the portal address, version and chainid.
Needed updates in the tests to pass the additional tests.
Existing tests generally seem to be very heavily focused on happy paths,
we need to do something there.
Also ran `nargo fmt`
The
process_l1_to_l2
function that is in aztec-nr don't fully validate the message, it don't check that:Matches. Thereby allowing you to send messages to contracts without proper validation, meaning you can practically infinite mint using any portal on L1 as your sender as long as the format is correct. Chain id and version should also be checked for good measure to handle multi-chain and upgrades.
The text was updated successfully, but these errors were encountered: