Functions retrieveDeposit(), redeemDeposit() & retrySettlement in BranchBridgeAgent lack access control #650
Labels
2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug: Something isn't working
unsatisfactory: does not satisfy C4 submission criteria; not eligible for awards
Lines of code
https://github.com/code-423n4/2023-05-maia/blob/54a45beb1428d85999da3f721f923cbf36ee3d35/src/ulysses-omnichain/BranchBridgeAgent.sol#L433-L439
https://github.com/code-423n4/2023-05-maia/blob/54a45beb1428d85999da3f721f923cbf36ee3d35/src/ulysses-omnichain/BranchBridgeAgent.sol#L450-L456
https://github.com/code-423n4/2023-05-maia/blob/54a45beb1428d85999da3f721f923cbf36ee3d35/src/ulysses-omnichain/BranchBridgeAgent.sol#L418-L430
Vulnerability details
Impact
Users can force the execution of some functions on behalf of other users
Proof of Concept
redeemDeposit() becomes available in BranchBridgeAgent when execution has failed from Branch to Root, so that the user can collect the deposited tokens. The problem is that there is no access control, and anyone can call redeemDeposit() for any deposit nonce; a user might not want to redeem a deposit and might instead want to retry it. Similarly, retrieveDeposit & retrySettlement also lack access control. These functions should be available only to the depositor.
Tools used
Manual Inspection
Mitigation
Add access control checks to the mentioned functions
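An added example, not code from the report or the Maia repository: a simplified Solidity model of the mitigation, showing an owner check on a nonce-keyed redeem function next to the unchecked form. The contract, struct layout, bridge role and error names are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

/// Simplified model written for this example; it is not BranchBridgeAgent.
/// All names and the Deposit layout below are assumptions.
contract DepositModel {
    enum Status { None, Pending, Failed, Redeemed }
    struct Deposit {
        address owner;   // account that created the deposit
        uint256 amount;  // value locked on the branch chain
        Status status;
    }
    error NotDepositOwner();
    error NotRedeemable();

    address public immutable bridge = msg.sender; // hypothetical failure reporter
    uint32 public depositNonce;
    mapping(uint32 => Deposit) public getDeposit;

    /// Restricts a nonce-keyed function to the account that made the deposit.
    modifier onlyDepositOwner(uint32 nonce) {
        if (getDeposit[nonce].owner != msg.sender) revert NotDepositOwner();
        _;
    }

    function deposit() external payable returns (uint32 nonce) {
        nonce = depositNonce++;
        getDeposit[nonce] = Deposit(msg.sender, msg.value, Status.Pending);
    }

    /// Stand-in for the signal that Branch-to-Root execution failed.
    function markFailed(uint32 nonce) external {
        require(msg.sender == bridge, "only bridge");
        getDeposit[nonce].status = Status.Failed;
    }

    /// Pattern described in the report: no caller check on the nonce.
    function redeemDepositUnchecked(uint32 nonce) external { _redeem(nonce); }

    /// Mitigated form: only the depositor decides to redeem instead of retrying.
    function redeemDeposit(uint32 nonce) external onlyDepositOwner(nonce) { _redeem(nonce); }

    function _redeem(uint32 nonce) internal {
        Deposit storage d = getDeposit[nonce];
        if (d.status != Status.Failed) revert NotRedeemable();
        d.status = Status.Redeemed; // update state before the external call
        (bool ok, ) = d.owner.call{value: d.amount}("");
        require(ok, "refund failed");
    }
}
```

In this model the refund always goes to the deposit owner, so the unchecked form does not move funds to the caller; it removes the depositor's choice between redeeming and retrying, which is the impact the report describes.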
Assessed type
Access Control