Tame Plum Ram
Medium
As it can be seen here that the protocol wants to restrict deposit of ETH to OptimismPortal2 contract. However, the protocol forgot to restrict the donateETH() function which allows deposit of ETH to the contract.
It can be seen here, that the protocol wants to block deposits of ETH to OptimismPortal2 contract.
receive MUST revert because depositing ETH is not supported, only depositing L2 native token is supported.
Also contest readme states the design choices:
- We use only one function for deposit assets in
OptimismPortal2. Custom Gas Token usesdepositTransactionanddepositERC20Transaction.OptimismPortal2.sol::depositTransaction(address _to, uint256 _mint, uint256 _value, uint64 _gasLimit, bool _isCreation, bytes calldata _data)
However, after restricting receive function they mistakenly left donateETH function untouched, which should also be restricted to prevent ETH deposits. Any deposited ETH is forever locked in the contract.
receive() external payable {
depositTransaction(msg.sender, msg.value, RECEIVE_DEFAULT_GAS_LIMIT, false, bytes(""));
}
...
function donateETH() external payable {
// Intentionally empty.
} receive() external payable {
revert("Only allow native token");
// depositTransaction(msg.sender, msg.value, RECEIVE_DEFAULT_GAS_LIMIT, false, bytes(""));
}
...
function donateETH() external payable {
// Intentionally empty.
}High - Invariant/protocol design break as anyone can deposit ETH to OptimismPortal2 contract. Locking of funds, however this is a result of user mistake.
Overall severity should be Medium.
https://github.com/sherlock-audit/2024-08-tokamak-network/blob/main/tokamak-thanos/packages/tokamak/contracts-bedrock/src/L1/OptimismPortal2.sol#L246-L256 https://github.com/ethereum-optimism/optimism/blob/v1.7.7/packages/contracts-bedrock/src/L1/OptimismPortal2.sol#L230-L239
Manual Review
Restrict donateETH function to block deposits or remove it.