yondonfu
commented
2 years ago Labeled as sponsor disputed.
See this note from the contest repo README under the L2 protocol contracts section:
"The repo that contains these contracts is https://github.com/livepeer/protocol/tree/confluence at Git commit hash 439445f3ab6ef88f490ee2fdafb84c7d8fee76f3."
The referenced function does exist in this commit and as mentioned in the README this commit is the one to be used for L2 protocol contract dependencies that the L2Migrator interacts with. We do understand that there might've been some confusion around which commit to look at.
0xleastwood
Handle
harleythedog
Vulnerability details
Impact
The
L2Migratorcontract makes use of the functionfundDepositAndReserveForon the ticket broker. In the commit hash for the contest (seen from this snippet from the contest page:) this function does not exist. This means that any attempts to call this function will result in the fallback function being called, so all calls to
finalizeMigrateSenderon theL2Migratorwill not work correctly.Proof of Concept
See the code the
L2Migratorhere. See the TicketBroker implementation here.Tools Used
Manual inspection.
Recommended Mitigation Steps
Add in the function
finalizeMigrateSenderto theTicketBrokerimplementation,NOTE TO JUDGE: I have discussed this issue with the sponsor, we have both agreed that this function technically does not exist in the commit hash provided by the contest. We agreed that I should submit the issue for now, although technically this is not a very real issue since the function has been added in later commits. Since these later commits are outside the scope of the contest, I am guessing this finding is still valid? Also, I realize now that a previous finding I submitted titled "L2Migrator calls wrong function on bondingManager" has this exact same issue.