Judge has assessed an item in Issue #7 as 2 risk. The relevant finding follows:
3. syncWithheldAmount needs to normalize according to bridging decimals.
The withheldAmount received from L2 -> L1 transaction can be unnormalized according to the bridging decimals.
For example for the Wormhole bridge, if the limitAmount for a target on the L2 is not a multiple of 1e10, the withheldAmount sent from L2 -> L1 will also not be multiple of 1e10, so it should be normalized here:
function syncWithheldAmount(uint256 chainId, uint256 amount) external {
address depositProcessor = mapChainIdDepositProcessors[chainId];
// Check L1 deposit processor address
if (msg.sender != depositProcessor) {
revert DepositProcessorOnly(msg.sender, depositProcessor);
}
// The overall amount is bound by the OLAS projected maximum amount for years to come
uint256 withheldAmount = mapChainIdWithheldAmounts[chainId] + amount;
if (withheldAmount > type(uint96).max) {
revert Overflow(withheldAmount, type(uint96).max);
}
// Update the withheld amount
mapChainIdWithheldAmounts[chainId] = withheldAmount;
emit WithheldAmountSynced(chainId, amount, withheldAmount);
}
Judge has assessed an item in Issue #7 as 2 risk. The relevant finding follows:
3.
syncWithheldAmount
needs to normalize according to bridging decimals.The
withheldAmount
received from L2 -> L1 transaction can be unnormalized according to the bridging decimals.For example for the Wormhole bridge, if the
limitAmount
for a target on the L2 is not a multiple of 1e10, thewithheldAmount
sent from L2 -> L1 will also not be multiple of 1e10, so it should be normalized here: