code-423n4 / 2022-01-livepeer-findings


Low-level calls don't check the success return value #224

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

defsec

Vulnerability details

Impact

Several contracts perform low-level calls to the L2LPT contracts and do not check the success value. While these calls should never fail when the contract addresses are correct, we still recommend checking the success return value of these low-level calls.

Proof of Concept

  1. Navigate to the following contracts.
https://github.com/livepeer/arbitrum-lpt-bridge/blob/ebf68d11879c2798c5ec0735411b08d0bea4f287/contracts/L1/gateway/L1LPTDataCache.sol#L66

https://github.com/livepeer/arbitrum-lpt-bridge/blob/ebf68d11879c2798c5ec0735411b08d0bea4f287/contracts/L1/gateway/L1Migrator.sol#L413

https://github.com/livepeer/arbitrum-lpt-bridge/blob/ebf68d11879c2798c5ec0735411b08d0bea4f287/contracts/L1/gateway/L1Migrator.sol#L446

https://github.com/livepeer/arbitrum-lpt-bridge/blob/ebf68d11879c2798c5ec0735411b08d0bea4f287/contracts/L1/gateway/L1Migrator.sol#L494

Tools Used

None

Recommended Mitigation Steps

Check the success return value of all low-level calls and revert if it's false.
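The following Solidity snippet is an added illustration of the mitigation described above; it is not code from the Livepeer bridge or from this finding, and the `Counter`, `UncheckedForwarder` and `CheckedForwarder` contracts are constructed for the example. It places the weak pattern (success flag discarded) beside the hardened one (success flag checked, revert data bubbled up, and a code-size check so a call to an address with no contract is not mistaken for success).

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.1;

// Constructed target contract for the example: one call that succeeds, one that
// always reverts. Hypothetical, not part of the audited code base.
contract Counter {
    uint256 public count;

    function increment() external {
        count += 1;
    }

    function alwaysFails() external pure {
        revert("always fails");
    }
}

// Weak pattern: the (bool, bytes) tuple returned by `.call` is ignored, so if
// the callee reverts the forwarder continues as though the call succeeded.
// The compiler only emits a warning ("Return value of low-level calls not
// used"); nothing stops deployment.
contract UncheckedForwarder {
    function forward(address target, bytes calldata data) external {
        target.call(data);
    }
}

// Hardened pattern: capture the success flag, revert on failure and surface the
// callee's revert data so the caller can see why it failed.
contract CheckedForwarder {
    error NoCodeAtTarget(address target);
    error CallFailed(address target, bytes returnData);

    function forward(address target, bytes calldata data)
        external
        returns (bytes memory)
    {
        // A low-level call to an address with no code returns success == true
        // with empty return data, so checking the flag alone is not enough.
        if (target.code.length == 0) revert NoCodeAtTarget(target);

        (bool success, bytes memory ret) = target.call(data);
        if (!success) revert CallFailed(target, ret);
        return ret;
    }
}
```

With `UncheckedForwarder`, forwarding `abi.encodeCall(Counter.alwaysFails, ())` completes without error and the caller has no signal that the inner call reverted; with `CheckedForwarder` the same input reverts with `CallFailed`, carrying the callee's revert reason. The sponsor's response on this issue states that the referenced contracts only produce ABI-encoded calldata for Arbitrum retryable tickets rather than executing low-level calls themselves, so this pattern applies where a contract does invoke `.call` directly.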

yondonfu commented 2 years ago

Labeled as sponsor disputed because, while the provided links involve generating ABI-encoded calldata that is meant to be executed on L2 via Arbitrum retryable tickets, there are no actual low-level calls being performed in the referenced contract itself, and any execution of the calldata is handled by Arbitrum, so there are no changes to be made in the referenced contract.

0xleastwood commented 2 years ago

Agree, these low-level calls are not handled by Livepeer's contracts.