contract with only IOptimismMintableERC20 interface is not compatible with StandardBridge
Summary
If a custom contract implements only the IOptimismMintableERC20 interface and not the ILegacyMintableERC20, the contract will be incompatible with the StandardBridge because the bridge relies on the l1Token function, which is defined in the legacy interface.
Vulnerability Detail
The comment in the IOptimismMintableERC20 suggests that one can make a custom implementation of OptimismMintableERC20 using the interface IOptimismMintableERC20.
if the given token passes the _isOptimismMintableERC20, the legacy function l1Token will be called on the token. If the token does not implement the legacy interface, the call will fail.
It is unclear it is intended behavior.
If the _isOptimismMintableERC20 function returns true only when the both of interfaces are implemented, the token with only the IOptimismMintableERC20 will be treated as if they are not the optimism mintable function, without failing.
ChainPatrol
Medium
contract with only
IOptimismMintableERC20
interface is not compatible withStandardBridge
Summary
If a custom contract implements only the
IOptimismMintableERC20
interface and not theILegacyMintableERC20
, the contract will be incompatible with theStandardBridge
because the bridge relies on thel1Token
function, which is defined in the legacy interface.Vulnerability Detail
The comment in the
IOptimismMintableERC20
suggests that one can make a custom implementation ofOptimismMintableERC20
using the interfaceIOptimismMintableERC20
.https://github.com/sherlock-audit/2024-08-tokamak-network/blob/main/tokamak-thanos/packages/tokamak/contracts-bedrock/src/universal/IOptimismMintableERC20.sol#L7-L10
Also, the
StandardBridge
, which uses theOptimismMintableERC20
has_isOptimismMintableERC20
function, which checks whether the given token address is implementingOptimismMintableERC20
. The function will be true if either ofILegacyMintableERC20
orIOptimismMintableERC20
is implemented. it means that if a token implements only one of the interfaces, it will return true. https://github.com/sherlock-audit/2024-08-tokamak-network/blob/main/tokamak-thanos/packages/tokamak/contracts-bedrock/src/universal/StandardBridge.sol#L466if the given token passes the
_isOptimismMintableERC20
, the legacy functionl1Token
will be called on the token. If the token does not implement the legacy interface, the call will fail.https://github.com/sherlock-audit/2024-08-tokamak-network/blob/main/tokamak-thanos/packages/tokamak/contracts-bedrock/src/L2/L2StandardBridge.sol#L293
Impact
Any custom contract without
l1Token
function will not be compatible withStandardBridge
Code Snippet
https://github.com/sherlock-audit/2024-08-tokamak-network/blob/main/tokamak-thanos/packages/tokamak/contracts-bedrock/src/universal/IOptimismMintableERC20.sol#L7-L10
https://github.com/sherlock-audit/2024-08-tokamak-network/blob/main/tokamak-thanos/packages/tokamak/contracts-bedrock/src/universal/StandardBridge.sol#L466
https://github.com/sherlock-audit/2024-08-tokamak-network/blob/main/tokamak-thanos/packages/tokamak/contracts-bedrock/src/L2/L2StandardBridge.sol#L293
Tool used
Manual Review
Recommendation
It is unclear it is intended behavior. If the
_isOptimismMintableERC20
function returns true only when the both of interfaces are implemented, the token with only theIOptimismMintableERC20
will be treated as if they are not the optimism mintable function, without failing.