This repository has been archived by the owner on May 26, 2023. It is now read-only.
ck - Block number is not an input to proveWithdrawalTransaction
in OptimismPortal
#233
Labels
Reward
A payout will be made for this issue
Specification
An issue related to the specification (low severity)
ck
low
Block number is not an input to
proveWithdrawalTransaction
inOptimismPortal
Summary
According to the
Withdrawals
spec, a block number is one of the submitted inputs to theOptimismPortal
which is not the case.Vulnerability Detail
The documentation says:
"A relayer submits the required inputs to the OptimismPortal contract. The relayer need not be the same entity which initiated the withdrawal on L2. These inputs include the withdrawal transaction data, inclusion proofs, and a block number. The block number must be one for which an L2 output root exists, which commits to the withdrawal as registered on L2."
In the contract, the
_l2OutputIndex
is the one used to check for existence of theoutputRoot
and not the block number.Impact
Misleading spec
Code Snippet
https://github.com/sherlock-audit/2023-01-optimism/blob/main/optimism/packages/contracts-bedrock/contracts/L1/OptimismPortal.sol#L160-L182
Tool used
Manual Review
Recommendation
The specification should refer to
_l2OutputIndex
as one of the inputs instead of 'block number'.The text was updated successfully, but these errors were encountered: