Prevent users from sending more than the required amount of ether in L1EthBridge.sol#deposit #114

@code423n4

Lines of code

https://github.com/code-423n4/2022-10-zksync/blob/main/ethereum/contracts/bridge/L1EthBridge.sol#L96
https://github.com/code-423n4/2022-10-zksync/blob/main/ethereum/contracts/bridge/L1EthBridge.sol#L107

Vulnerability details

Description

When a user deposits via the deposit function in L1EthBridge.sol, the function checks if msg.value >= _amount. As a result, if a user accidentally sends more ether than he has to (_amount), only the _amount defined in the function call will be deposited.

Proof of Concept

msg.value must be >= _amount

	uint256 zkSyncFee = msg.value - _amount;

https://github.com/code-423n4/2022-10-zksync/blob/main/ethereum/contracts/bridge/L1EthBridge.sol#L96

	depositAmount[msg.sender][txHash] = _amount;

https://github.com/code-423n4/2022-10-zksync/blob/main/ethereum/contracts/bridge/L1EthBridge.sol#L107

Recommended Mitigation Steps

Consider adding the following requirement: require(msg.value == _amount).
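
Added example (not part of the original report or of the zkSync code base): a Python model of the two quoted lines that compares the existing >= check with the proposed == check and flags accepted deposits whose implied zkSyncFee is unusually large. The Deposit record, the MAX_EXPECTED_FEE threshold and the sample calls are assumptions constructed for illustration.

```python
from dataclasses import dataclass

WEI = 10**18
# Assumption: largest fee a reviewer considers plausible; not taken from the contract.
MAX_EXPECTED_FEE = WEI // 100  # 0.01 ether


@dataclass(frozen=True)
class Deposit:
    sender: str
    msg_value: int  # wei sent with the call (msg.value)
    amount: int     # the _amount argument


def account(d: Deposit, strict: bool = False):
    """Return (credited, fee) as the quoted lines compute them, or None on revert.

    strict=False models the existing msg.value >= _amount check;
    strict=True models require(msg.value == _amount) from the report.
    """
    if strict:
        if d.msg_value != d.amount:
            return None
    elif d.msg_value < d.amount:
        return None
    fee = d.msg_value - d.amount  # uint256 zkSyncFee = msg.value - _amount;
    return d.amount, fee          # depositAmount[msg.sender][txHash] = _amount;


def audit(deposits, max_fee=MAX_EXPECTED_FEE):
    """List (sender, fee) for accepted deposits whose implied fee exceeds max_fee."""
    flagged = []
    for d in deposits:
        result = account(d)
        if result is not None and result[1] > max_fee:
            flagged.append((d.sender, result[1]))
    return flagged


# Constructed sample calls; the addresses are placeholders.
SAMPLE = [
    Deposit("0xAAA", 1 * WEI, 1 * WEI),                # exact amount
    Deposit("0xBBB", 1 * WEI + WEI // 1000, 1 * WEI),  # small surplus
    Deposit("0xCCC", 10 * WEI, 1 * WEI),               # 9 ether surplus
    Deposit("0xDDD", WEI // 2, 1 * WEI),               # underpaid: reverts
]

if __name__ == "__main__":
    for d in SAMPLE:
        print(d.sender, "current:", account(d), "strict:", account(d, strict=True))
    print("flagged:", audit(SAMPLE))
```

In this model the strict check rejects every call that carries any surplus, so the computed zkSyncFee is always zero for accepted deposits.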

Labels

QA (Quality Assurance): Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
bug: Something isn't working
downgraded by judge: Judge downgraded the risk level of this issue
duplicate-110
