yondonfu
commented
2 years ago The L2Migrator needs to have receive() so it can receive ETH from the L1Migrator via migrateETH().
Closed code423n4 closed 2 years ago
yondonfu
commented
2 years ago The L2Migrator needs to have receive() so it can receive ETH from the L1Migrator via migrateETH().
0xleastwood
commented
2 years ago This is intended behaviour, marking as invalid.
Handle
Jujic
Vulnerability details
Impact
There doesn't seem to be a use case for the existence of the receive() function. In fact, I will recommend removing it as it will prevent accidental native token transfers to the contract.
Proof of Concept
https://github.com/livepeer/arbitrum-lpt-bridge/blob/ebf68d11879c2798c5ec0735411b08d0bea4f287/contracts/L2/gateway/L2Migrator.sol#L235
Tools Used
Remix
Recommended Mitigation Steps
Remove the receive() function.