search

code-423n4 / 2022-01-livepeer-findings

0 stars 0 forks source link

L2Migrator Allows to Deposit Ether And Ether Will be Locked in the contract #239

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

defsec

Vulnerability details

Impact

In the livepeer repository, It is written L1Migrator does not support to ETH. However, on the L2Migrator receive function has been defined.

Proof of Concept

  1. Navigate to the following repository.

https://github.com/livepeer/arbitrum-lpt-bridge/blob/ebf68d11879c2798c5ec0735411b08d0bea4f287/contracts/L2/gateway/L2Migrator.sol#L235

Tools Used

None

Recommended Mitigation Steps

Revert when the contract receive native token.

yondonfu commented 2 years ago

Duplicate of https://github.com/code-423n4/2022-01-livepeer-findings/issues/177

0xleastwood commented 2 years ago

As per #177, this is intended behaviour.