are callable by anybody as long as the current addresses are not set to address(0).
Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
Flayer deploys the InfernalRiftAbove contract
An attacker monitors the chain to know when the InfernalRiftAbove has been deployed
Attacker calls the functions listed above in order to set wrong addresses before the legitimate deployer does
Impact
If a user bridges an ERC721/ERC1155 token while the wrong INFERNAL_RIFT_BELOW address is set, the bridged tokens will be locked in the InfernalRiftAbove contract
If a user bridges an ERC721 token while the wrong ERC721_BRIDGABLE_IMPLEMENTATION address is set, a malicious implementation will be deployed on L2, which would allow the attacker to steal the bridged ERC721 tokens
If a user bridges an ERC1155 token while the wrong ERC1155_BRIDGABLE_IMPLEMENTATION address is set, a malicious implementation will be deployed on L2, which would allow the attacker to steal the bridged ERC1155 tokens
PoC
No response
Mitigation
Allow the listed functions to be called only by admins, and/or set their values in the constructor so that deployment and configuration happen atomically.
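The weak pattern the root cause describes, placed beside the hardened form the mitigation asks for, as an added illustration that is not Moongate's or Flayer's own code. The three address names are taken from the finding; the setter names, the owner mechanism, the error and event names are assumptions made for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not Moongate/Flayer code. INFERNAL_RIFT_BELOW,
// ERC721_BRIDGABLE_IMPLEMENTATION and ERC1155_BRIDGABLE_IMPLEMENTATION are the
// names used in the finding; every other identifier here is assumed.

/// Weak pattern: each value is "set once", but the only guard is an address(0)
/// check, so whoever calls first after deployment decides the value.
contract RiftAboveUnprotected {
    address public INFERNAL_RIFT_BELOW;
    address public ERC721_BRIDGABLE_IMPLEMENTATION;
    address public ERC1155_BRIDGABLE_IMPLEMENTATION;

    function setInfernalRiftBelow(address _below) external {
        require(INFERNAL_RIFT_BELOW == address(0), "already set");
        INFERNAL_RIFT_BELOW = _below;
    }

    function setERC721Implementation(address _impl) external {
        require(ERC721_BRIDGABLE_IMPLEMENTATION == address(0), "already set");
        ERC721_BRIDGABLE_IMPLEMENTATION = _impl;
    }

    function setERC1155Implementation(address _impl) external {
        require(ERC1155_BRIDGABLE_IMPLEMENTATION == address(0), "already set");
        ERC1155_BRIDGABLE_IMPLEMENTATION = _impl;
    }
}

/// Hardened pattern: all three values are fixed in the constructor, so there is
/// no window between deployment and configuration. Later changes are limited to
/// the owner, reject address(0), and emit events so that off-chain monitoring
/// can flag any reconfiguration of the bridge.
contract RiftAboveProtected {
    address public owner;
    address public INFERNAL_RIFT_BELOW;
    address public ERC721_BRIDGABLE_IMPLEMENTATION;
    address public ERC1155_BRIDGABLE_IMPLEMENTATION;

    event InfernalRiftBelowSet(address indexed previous, address indexed current);
    event ERC721ImplementationSet(address indexed previous, address indexed current);
    event ERC1155ImplementationSet(address indexed previous, address indexed current);

    error NotOwner();
    error ZeroAddress();

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    constructor(address _below, address _erc721Impl, address _erc1155Impl) {
        // Refuse to deploy half-configured: a zero address would otherwise lock
        // bridged tokens or route them to an unset implementation.
        if (_below == address(0) || _erc721Impl == address(0) || _erc1155Impl == address(0)) {
            revert ZeroAddress();
        }
        owner = msg.sender;
        INFERNAL_RIFT_BELOW = _below;
        ERC721_BRIDGABLE_IMPLEMENTATION = _erc721Impl;
        ERC1155_BRIDGABLE_IMPLEMENTATION = _erc1155Impl;
    }

    function setInfernalRiftBelow(address _below) external onlyOwner {
        if (_below == address(0)) revert ZeroAddress();
        emit InfernalRiftBelowSet(INFERNAL_RIFT_BELOW, _below);
        INFERNAL_RIFT_BELOW = _below;
    }

    function setERC721Implementation(address _impl) external onlyOwner {
        if (_impl == address(0)) revert ZeroAddress();
        emit ERC721ImplementationSet(ERC721_BRIDGABLE_IMPLEMENTATION, _impl);
        ERC721_BRIDGABLE_IMPLEMENTATION = _impl;
    }

    function setERC1155Implementation(address _impl) external onlyOwner {
        if (_impl == address(0)) revert ZeroAddress();
        emit ERC1155ImplementationSet(ERC1155_BRIDGABLE_IMPLEMENTATION, _impl);
        ERC1155_BRIDGABLE_IMPLEMENTATION = _impl;
    }
}
```

If the L1 and L2 sides need each other's addresses (a circular dependency), the constructor route stays available by precomputing the counterpart's address deterministically (for example with CREATE2) before either contract is deployed. Whichever route is used, the deployment script should read the three getters back immediately after deployment and abort if any of them differs from the intended value.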
zzykxx
Medium
Settings functions frontrun in Moongate
Summary
No response
Root Cause
The functions:
are callable by anybody as long as the current addresses are not set to address(0).