Arbitrary withdrawal could be executed by bridge admin
Description
In astria-bridge-withdrawer, bridge address and withdrawer address have permission to withdraw assets from the bridge.
For protocol design, astria-bridge-withdrawer is responsible for monitoring the bridge contract's event log from rollup and submitting the withdrawal action to the sequencer using private keys of the bridge address and withdrawer address.
However, bridge address and withdrawer address could execute a transaction directly in the sequencer without a transaction in rollup. This means that it is possible to access the assets of the sequencer without the burning process of rollup assets.
Impact
If the private key of the bridge address or withdrawer address is compromised, an attacker could unlock and withdraw assets from the bridge using direct execution. This may lead to a loss of user funds.
Recommendations
Ensure that the private keys of the bridge address and withdrawer address are securely stored and the users should be aware of and accept this risk.