FV-SOL-1-C4 Cross Chain

TLDR

Cross-chain reentrancy involves exploiting asynchronous transactions or inconsistencies between two blockchains that communicate with each other.

In this type of vulnerability, an attacker leverages the delay or difference in state updates across chains to manipulate the state on one chain based on outdated or unverified information from another chain.

Game

Consider how an attacker might exploit this contract if they can control or manipulate the calls to completeTransfer through cross-chain messaging.

How could an attacker use reentrant calls from one chain to the other to alter the balances in unintended ways?

// SPDX-License-Identifier: MIT
// Open me in VSCode and really think before opening the hints!
// Add @audit tags wherever suspicious
// Go to the solidity docs to complete missing knowledge of what's happening here
// Solve by drafting a fix!
pragma solidity ^0.8.0;

contract CrossChainBridge {
    mapping(address => uint256) public balances;

    event TransferInitiated(address indexed user, uint256 amount, string targetChain);
    event TransferCompleted(address indexed user, uint256 amount);

    // Function to start transferring funds to another chain
    function initiateTransfer(uint256 amount, string memory targetChain) public {
        require(balances[msg.sender] >= amount, "Insufficient balance");
        balances[msg.sender] -= amount;
        emit TransferInitiated(msg.sender, amount, targetChain);
        // Assume the amount is now locked, awaiting confirmation from the target chain
    }

    // Function to receive funds back from the other chain
    function completeTransfer(address user, uint256 amount) public {
        balances[user] += amount;
        emit TransferCompleted(user, amount);
    }
}

Last updated