Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(contracts): OZ-M01 L2USDCGateway Is Missing Rate Limiter Functionality #927

Merged
merged 2 commits into from Sep 11, 2023
Merged

fix(contracts): OZ-M01 L2USDCGateway Is Missing Rate Limiter Functionality #927

merged 2 commits into from Sep 11, 2023

Conversation

zimpha
Copy link
Member

@zimpha zimpha commented Sep 6, 2023

Purpose or design rationale of this PR

This PR fixed the issue reported by Openzepplin (M-01 L2USDCGateway Is Missing Rate Limiter Functionality) during Scroll USDC Gateway audit. The following are the details:

The L1USDCGateway contract inherits from L1ERC20Gateway . When a user initiates a deposit, the _transferERC20In function is called, which in turn invokes the rate limiter function _addUsedAmount . However, the L2USDCGateway contract inherits from L2ERC20Gateway which does not call the rate limiter _addUsedAmount function. This means that USDC withdrawals will not be subject to rate limiting.

Consider ensuring that _addUsedAmount is called when users make a withdrawal in USDC.

PR title

Your PR title must follow conventional commits (as we are doing squash merge for each PR), so it must start with one of the following types:

  • fix: A bug fix

Deployment tag versioning

Has tag in common/version.go been updated or have you added bump-version label to this PR?

  • No, this PR doesn't involve a new deployment, git tag, docker image tag
  • Yes

Breaking change label

Does this PR have the breaking-change label?

  • No, this PR is not a breaking change
  • Yes

@zimpha zimpha added the bug Something isn't working label Sep 6, 2023
@zimpha zimpha self-assigned this Sep 6, 2023
@github-actions
Copy link

github-actions bot commented Sep 6, 2023
edited

LCOV of commit e7fe44f during Contracts #29

Summary coverage rate:
  lines......: 51.6% (1013 of 1963 lines)
  functions..: 65.6% (227 of 346 functions)
  branches...: no data found

Files changed coverage rate: n/a

@HAOYUatHZ HAOYUatHZ merged commit ae1cb30 into develop Sep 11, 2023
4 checks passed
@HAOYUatHZ HAOYUatHZ deleted the fix/OZ-M01_L2USDCGateway_Is_Missing_Rate_Limiter_Functionality branch September 11, 2023 02:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@HAOYUatHZ HAOYUatHZ HAOYUatHZ approved these changes

Assignees

@zimpha zimpha

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@zimpha @HAOYUatHZ