contract with only IOptimismMintableERC20 interface is not compatible with StandardBridge
Summary
If a custom contract implements only the IOptimismMintableERC20 interface and not the ILegacyMintableERC20, the contract will be incompatible with the StandardBridge because the bridge relies on the l1Token function, which is defined in the legacy interface.
Vulnerability Detail
The comment in the IOptimismMintableERC20 suggests that one can make a custom implementation of OptimismMintableERC20 using the interface IOptimismMintableERC20.
if the given token passes the _isOptimismMintableERC20, the legacy function l1Token will be called on the token. If the token does not implement the legacy interface, the call will fail.
It is unclear it is intended behavior.
If the _isOptimismMintableERC20 function returns true only when the both of interfaces are implemented, the token with only the IOptimismMintableERC20 will be treated as if they are not the optimism mintable function, without failing.
ChainPatrol
Medium
contract with only
IOptimismMintableERC20interface is not compatible withStandardBridgeSummary
If a custom contract implements only the
IOptimismMintableERC20interface and not theILegacyMintableERC20, the contract will be incompatible with theStandardBridgebecause the bridge relies on thel1Tokenfunction, which is defined in the legacy interface.Vulnerability Detail
The comment in the
IOptimismMintableERC20suggests that one can make a custom implementation ofOptimismMintableERC20using the interfaceIOptimismMintableERC20.https://github.com/sherlock-audit/2024-08-tokamak-network/blob/main/tokamak-thanos/packages/tokamak/contracts-bedrock/src/universal/IOptimismMintableERC20.sol#L7-L10
Also, the
StandardBridge, which uses theOptimismMintableERC20has_isOptimismMintableERC20function, which checks whether the given token address is implementingOptimismMintableERC20. The function will be true if either ofILegacyMintableERC20orIOptimismMintableERC20is implemented. it means that if a token implements only one of the interfaces, it will return true. https://github.com/sherlock-audit/2024-08-tokamak-network/blob/main/tokamak-thanos/packages/tokamak/contracts-bedrock/src/universal/StandardBridge.sol#L466if the given token passes the
_isOptimismMintableERC20, the legacy functionl1Tokenwill be called on the token. If the token does not implement the legacy interface, the call will fail.https://github.com/sherlock-audit/2024-08-tokamak-network/blob/main/tokamak-thanos/packages/tokamak/contracts-bedrock/src/L2/L2StandardBridge.sol#L293
Impact
Any custom contract without
l1Tokenfunction will not be compatible withStandardBridgeCode Snippet
https://github.com/sherlock-audit/2024-08-tokamak-network/blob/main/tokamak-thanos/packages/tokamak/contracts-bedrock/src/universal/IOptimismMintableERC20.sol#L7-L10
https://github.com/sherlock-audit/2024-08-tokamak-network/blob/main/tokamak-thanos/packages/tokamak/contracts-bedrock/src/universal/StandardBridge.sol#L466
https://github.com/sherlock-audit/2024-08-tokamak-network/blob/main/tokamak-thanos/packages/tokamak/contracts-bedrock/src/L2/L2StandardBridge.sol#L293
Tool used
Manual Review
Recommendation
It is unclear it is intended behavior. If the
_isOptimismMintableERC20function returns true only when the both of interfaces are implemented, the token with only theIOptimismMintableERC20will be treated as if they are not the optimism mintable function, without failing.