code-423n4 / 2023-03-zksync-findings


`L2EthToken` contract does not provide a function to transfer tokens in the contract #82

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-03-zksync//blob/main/contracts/L2EthToken.sol#L17

Vulnerability details

Summary


The L2EthToken contract does not provide a function to transfer tokens in the contract.

Impact

```solidity
    /// @notice Initiate the ETH withdrawal, funds will be available to claim on L1 `finalizeEthWithdrawal` method.
    /// @param _l1Receiver The address on L1 to receive the funds.
    function withdraw(address _l1Receiver) external payable override {
        uint256 amount = msg.value;

        // Silent burning of the ether
        unchecked {
            balance[address(this)] -= amount;
            totalSupply -= amount;
        }

        // Send the L2 log, a user could use it as proof of the withdrawal
        bytes memory message = _getL1WithdrawMessage(_l1Receiver, amount);
        L1_MESSENGER_CONTRACT.sendToL1(message);

        emit Withdrawal(msg.sender, _l1Receiver, amount);
    }
```

The withdraw function of this contract is a payable function that will accept tokens from the caller, and these tokens may be permanently stored in this contract.

Proof of Concept

Tools Used

Manual

Recommended Mitigation Steps

It is recommended to provide a function to extract the token in the contract.

miladpiri commented 1 year ago

The token will be burnt so it is not stored on the contract.

c4-sponsor commented 1 year ago

miladpiri marked the issue as sponsor disputed

GalloDaSballo commented 1 year ago

Closing due to lack of information

c4-judge commented 1 year ago

GalloDaSballo marked the issue as unsatisfactory: Insufficient proof