`initializeERC721Bridgable()` && `initializeERC1155Bridgable()` function in moongate/src/InfernalRiftBelow.sol can be set by anyone due to lack of access control.

Summary

InfernalRiftBelow contract is intended to be deployed on L2 and facilitate token transfer and it uses initializeERC1155Bridgable() and initializeERC721Bridgable() functions to set implementations for the repective standards. However this function lacks access control and can be set by anyone as long as ERC721_BRIDGABLE_IMPLEMENTATION isaddress(0) and ERC1155_BRIDGABLE_IMPLEMENTATION is address(0). So an attacker would be able to set any arbitrary address and can potentailly introduce backdoors. This also exposes function to the risk of frontrunning where malicious address can be set before legitimate one.

Root Cause

Lack of access control in initializeERC721Bridgable() && initializeERC1155Bridgable(). https://github.com/sherlock-audit/2024-08-flayer/blob/main/moongate/src/InfernalRiftBelow.sol#L103-L126

Internal pre-conditions

ERC721_BRIDGABLE_IMPLEMENTATION is address(0)
ERC1155_BRIDGABLE_IMPLEMENTATION is address(0)

External pre-conditions

No response

Attack Path

ERC721_BRIDGABLE_IMPLEMENTATION isaddress(0) and ERC1155_BRIDGABLE_IMPLEMENTATION is address(0) after InfernalRiftbelow contract is deployed.
SCENARIO 1: attacker calls initializeERC721Bridgable() and initializeERC1155Bridgable() before contract owner and this value can no longer be changed.
SCENARIO 2: attacker frontruns owners transaction and is able to call above functions before owner.

Impact

Addresses set by an Attacker can be malicious and implement backdoors into theselibraries and would potentially require redployment.

PoC

No response

Mitigation

Implement access control such that only trusted admin can call initializeERC721Bridgable() and initializeERC1155Bridgable() functions.

sherlock-audit / 2024-08-flayer-judging

0x3adeade - `initializeERC721Bridgable()` && `initializeERC1155Bridgable()` function in moongate/src/InfernalRiftBelow.sol can be set by anyone due to lack of access control. #634

`initializeERC721Bridgable()` && `initializeERC1155Bridgable()` function in moongate/src/InfernalRiftBelow.sol can be set by anyone due to lack of access control.

Summary

Root Cause

Internal pre-conditions

External pre-conditions

Attack Path

Impact

PoC

Mitigation

sherlock-audit / 2024-08-flayer-judging

0x3adeade - `initializeERC721Bridgable()` && `initializeERC1155Bridgable()` function in **moongate/src/InfernalRiftBelow.sol** can be set by anyone due to lack of access control. #634

initializeERC721Bridgable() && initializeERC1155Bridgable() function in moongate/src/InfernalRiftBelow.sol can be set by anyone due to lack of access control.

Summary

Root Cause

Internal pre-conditions

External pre-conditions

Attack Path

Impact

PoC

Mitigation

0x3adeade - `initializeERC721Bridgable()` && `initializeERC1155Bridgable()` function in moongate/src/InfernalRiftBelow.sol can be set by anyone due to lack of access control. #634

`initializeERC721Bridgable()` && `initializeERC1155Bridgable()` function in moongate/src/InfernalRiftBelow.sol can be set by anyone due to lack of access control.