restoreBridgeTransaction Function in BridgeFacet Contract will update accounting states even if the accounting is paused
Summary
The restoreBridgeTransaction function in the BridgeFacet contract is intended to restore a previously suspended bridge transaction and update the valid transaction amount. However, this function does not include the whenNotAccountingPaused modifier, which is used to prevent users from changing balances. This poses a potential inconsistency, as the restoreBridgeTransaction function in the BridgeFacetImpl library updates the balance without this check.
Vulnerability Detail
The restoreBridgeTransaction function in the BridgeFacet contract does not include the whenNotAccountingPaused modifier, which is used to prevent balance changes when the accounting is paused. This can lead to an inconsistency in the contract state if the accounting is paused while a DISPUTE_ROLE user attempts to restore a bridge transaction and update the valid transaction amount.
The missing whenNotAccountingPaused modifier in the restoreBridgeTransaction function allows DISPUTE_ROLE users to update balances even when the accounting is paused. This can result in incorrect balance updates and potential inconsistencies in the contract state.
Include the whenNotAccountingPaused modifier in the restoreBridgeTransaction function in the BridgeFacet contract to ensure that balance updates are only allowed when the accounting is not paused. This will help maintain consistency in the contract state and prevent potential issues related to incorrect balance updates.
0xAadi
Medium
restoreBridgeTransaction
Function inBridgeFacet
Contract will update accounting states even if the accounting is pausedSummary
The
restoreBridgeTransaction
function in theBridgeFacet
contract is intended to restore a previously suspended bridge transaction and update the valid transaction amount. However, this function does not include thewhenNotAccountingPaused
modifier, which is used to prevent users from changing balances. This poses a potential inconsistency, as therestoreBridgeTransaction
function in theBridgeFacetImpl
library updates the balance without this check.Vulnerability Detail
The
restoreBridgeTransaction
function in theBridgeFacet
contract does not include thewhenNotAccountingPaused
modifier, which is used to prevent balance changes when the accounting is paused. This can lead to an inconsistency in the contract state if the accounting is paused while aDISPUTE_ROLE
user attempts to restore a bridge transaction and update the valid transaction amount.Impact
The missing
whenNotAccountingPaused
modifier in therestoreBridgeTransaction
function allowsDISPUTE_ROLE
users to update balances even when the accounting is paused. This can result in incorrect balance updates and potential inconsistencies in the contract state.Code Snippet
https://github.com/sherlock-audit/2024-06-symmetrical-update-2/blob/f5b76ca33f5f05b927a9c0f2f57938e919d6420b/protocol-core/contracts/facets/Bridge/BridgeFacetImpl.sol#L90
Tool used
Manual Review
Recommendation
Include the
whenNotAccountingPaused
modifier in therestoreBridgeTransaction
function in theBridgeFacet
contract to ensure that balance updates are only allowed when the accounting is not paused. This will help maintain consistency in the contract state and prevent potential issues related to incorrect balance updates.