Permanent freezing of someone's TON in L1CrossDomainMessenger

tokamak-network / tokamak-thanos

MIT License

7 stars 3 forks source link

Permanent freezing of someone's TON in L1CrossDomainMessenger #246

Closed Zena-park closed 2 months ago

Zena-park commented 2 months ago

Describe the bug

We can lock someone's TON in L1CrossDomainMessenger by setting their allowance amount in L1CrossDomainMessenger to 1.

    const sendTx = await (
        await l2CrossDomainMessengerContract
        .connect(l2Wallet)
        .sendMessage(someoneWallet, '0x', 200000, { value: 1 })
    ).wait()

Configuration

Severity: CRITICAL

Impact

Permanent freezing of funds

nguyenzung commented 2 months ago

I think we are discussing the same on https://github.com/tokamak-network/tokamak-thanos/issues/243

suahnkim commented 2 months ago

@Zena-park if this is an duplicate issue as @nguyenzung mentioned, can you close it? or if you think it is not, leave a comment?

Zena-park commented 2 months ago

Yes, that's the same thing. I'll close the issue.