The functions which contains IERC20.approve(address, amount not zero) may revert when interacting with tokens such as USDT, which enforce strict rules on the allowance mechanism.
Vulnerability Detail
In the _sendNativeTokenMessage() of L1CrossDomainMessenger contract, the contract calls IERC20.approve() to approve the transfer of tokens to the portal contract. If the token used (e.g., USDT) requires the allowance to be set to zero before updating to a new value and the allowance is non-zero, the transaction will revert.
Since token transfers between L1 and L2 rely on the bridge contract to handle token allowances correctly, any failure in this process will result in failed transactions and disrupted cross-chain token flows.
Impact
If the approval step for tokens like USDT fails, the entire bridge transaction will revert.
Tokens may get locked in the contract if the message passing via L1CrossDomainMessenger is halted due to failed token approvals, resulting in funds being stuck on one layer.
Many users transfer widely used tokens like USDT across chains. If the bridge contract cannot handle these tokens, it greatly limits the utility of the bridge and causes user dissatisfaction.
0x46
Medium
Will not approve due to not zero allowance
Summary
The functions which contains IERC20.approve(address, amount not zero) may revert when interacting with tokens such as USDT, which enforce strict rules on the allowance mechanism.
Vulnerability Detail
In the _sendNativeTokenMessage() of L1CrossDomainMessenger contract, the contract calls IERC20.approve() to approve the transfer of tokens to the portal contract. If the token used (e.g., USDT) requires the allowance to be set to zero before updating to a new value and the allowance is non-zero, the transaction will revert. Since token transfers between L1 and L2 rely on the bridge contract to handle token allowances correctly, any failure in this process will result in failed transactions and disrupted cross-chain token flows.
Impact
If the approval step for tokens like USDT fails, the entire bridge transaction will revert. Tokens may get locked in the contract if the message passing via L1CrossDomainMessenger is halted due to failed token approvals, resulting in funds being stuck on one layer. Many users transfer widely used tokens like USDT across chains. If the bridge contract cannot handle these tokens, it greatly limits the utility of the bridge and causes user dissatisfaction.
Code Snippet
https://github.com/sherlock-audit/2024-08-tokamak-network/blob/main/tokamak-thanos/packages/tokamak/contracts-bedrock/src/L1/L1CrossDomainMessenger.sol#L189
Tool used
Manual Review
Recommendation
Before setting a new allowance, check if the current allowance is non-zero and, if so, reset it to zero.