J_10 [protocol discussion]

Question

J_10 [protocol discussion]

usgeeus opened this issue 8 months ago · 7 comments

Configuration

severity : low
confidence : low

Description

From what I heard in the seminar, we only support a few tokens, including ETH,
In L2FastWithrdraw.sol:requestFW, allowing _l1token to be passed as a parameter seems to make it more complicated to analyze the vulnerability, both on the front end and in terms of FWing _l1token with an unrelated _l2token.

Recommendation

Why not create a _l2token ↔ _l1token mapping and manage the mapping with the onlyOwner function????

usgeeus commented 7 months ago

Solved

Answer 1 · 2024-05-22T09:11:01.000Z

It was initially applied like this, but the format was changed because there was still a responsibility for someone to manage l1token <-> l2token.

Answer 2 · 2024-05-22T15:35:02.000Z

I think we can have a discussion around this point.

we discussed a permissioned way (onlyOwner) that registers, but we did not want to restrict which tokens can be FastWithdrawn.

we also discussed using l1token storage (token address on L1) as a parameter to automatically set the L1 token address on L2, but i think there were some concerns using that.

Can we have a discussion about this tomorrow? (May 24th)

Answer 3 · 2024-05-23T03:19:53.000Z

If you make call tomorrow, i can discuss.

Answer 4 · 2024-05-23T08:36:42.000Z

Basically, some tokens are registered using mapping, and requests for tokens that do not have mapping registered are also allowed, but we decided to add a warning message.

Answer 5 · 2024-05-29T15:11:54.000Z

Changing this will result in a lot of structural changes, so we will revise it as development progresses next week.

Answer 6 · 2024-06-18T09:37:12.000Z

@usgeeus
The mapping token has been applied. Please confirm.
https://github.com/tokamak-network/crossTrade/blob/2nd_Audit/contracts/L2/L2CrossTrade.sol