Arbitrary withdrawal could be executed by bridge admin
Description
In astria-bridge-withdrawer, the bridge address and the withdrawer address both have permission to withdraw assets from the bridge.
By protocol design, astria-bridge-withdrawer is responsible for monitoring the bridge contract's event log on the rollup and submitting the corresponding withdrawal action to the sequencer, signed with the private keys of the bridge address and the withdrawer address.
However, the bridge address and the withdrawer address can also submit a withdrawal transaction directly to the sequencer without any corresponding transaction on the rollup. This means that assets held on the sequencer can be released without the rollup-side burn of the rollup assets ever taking place.
Impact
If the private key of the bridge address or the withdrawer address is compromised, an attacker could unlock and withdraw assets from the bridge by executing withdrawal actions directly on the sequencer. This may lead to a loss of user funds.
Recommendations
Ensure that the private keys of the bridge address and the withdrawer address are securely stored, and make sure that users are aware of and accept this trust assumption.
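As an added illustration, not part of this finding or of the Astria code base, the following Rust program shows the reconciliation check an operator could run over the two data sources the description names: withdrawal (burn) events from the rollup bridge contract's log, and withdrawal actions submitted to the sequencer under the bridge or withdrawer key. Every sequencer withdrawal must map to exactly one rollup burn with the same recipient and amount; a withdrawal with no rollup reference, an unknown reference, a mismatched recipient or amount, or a burn that has already been settled is flagged. All struct names, field names and sample data below are constructed for this example and do not correspond to Astria's real types.

```rust
use std::collections::{HashMap, HashSet};

/// A withdrawal (burn) event read from the rollup bridge contract's log.
/// Constructed type for this example; not an Astria type.
#[derive(Debug, Clone, PartialEq)]
pub struct RollupWithdrawalEvent {
    pub rollup_tx_hash: String,
    pub recipient: String,
    pub amount: u64,
}

/// A withdrawal action observed on the sequencer, signed by the bridge or
/// withdrawer key. `rollup_tx_hash` is the burn it claims to settle, if any.
#[derive(Debug, Clone, PartialEq)]
pub struct SequencerWithdrawal {
    pub sequencer_tx: String,
    pub rollup_tx_hash: Option<String>,
    pub recipient: String,
    pub amount: u64,
}

/// Reason a sequencer withdrawal was flagged as not backed by a rollup burn.
#[derive(Debug, Clone, PartialEq)]
pub enum Finding {
    NoRollupReference,
    UnknownRollupTx,
    MismatchedRecipientOrAmount,
    BurnAlreadySettled,
}

/// Reconcile sequencer withdrawals against rollup burns. Returns the
/// sequencer tx id and reason for every withdrawal that is not backed by
/// exactly one matching, previously unused burn.
pub fn find_unbacked_withdrawals(
    rollup_events: &[RollupWithdrawalEvent],
    sequencer_withdrawals: &[SequencerWithdrawal],
) -> Vec<(String, Finding)> {
    // Index rollup burns by tx hash so each sequencer action can be matched.
    let burns: HashMap<&str, &RollupWithdrawalEvent> = rollup_events
        .iter()
        .map(|e| (e.rollup_tx_hash.as_str(), e))
        .collect();
    // Each burn may settle at most one sequencer withdrawal.
    let mut settled: HashSet<&str> = HashSet::new();
    let mut findings = Vec::new();

    for w in sequencer_withdrawals {
        let finding = match w.rollup_tx_hash.as_deref() {
            None => Some(Finding::NoRollupReference),
            Some(h) => match burns.get(h) {
                None => Some(Finding::UnknownRollupTx),
                Some(_) if settled.contains(h) => Some(Finding::BurnAlreadySettled),
                Some(e) if e.recipient != w.recipient || e.amount != w.amount => {
                    Some(Finding::MismatchedRecipientOrAmount)
                }
                Some(_) => {
                    settled.insert(h);
                    None
                }
            },
        };
        if let Some(f) = finding {
            findings.push((w.sequencer_tx.clone(), f));
        }
    }
    findings
}

fn burn(hash: &str, recipient: &str, amount: u64) -> RollupWithdrawalEvent {
    RollupWithdrawalEvent { rollup_tx_hash: hash.into(), recipient: recipient.into(), amount }
}

fn seq(tx: &str, rollup: Option<&str>, recipient: &str, amount: u64) -> SequencerWithdrawal {
    SequencerWithdrawal {
        sequencer_tx: tx.into(),
        rollup_tx_hash: rollup.map(str::to_string),
        recipient: recipient.into(),
        amount,
    }
}

/// Constructed sample data: three rollup burns and six sequencer withdrawals,
/// of which two are legitimately backed and four should be flagged.
pub fn sample_data() -> (Vec<RollupWithdrawalEvent>, Vec<SequencerWithdrawal>) {
    let events = vec![burn("0xaaa", "alice", 100), burn("0xbbb", "bob", 250), burn("0xddd", "dave", 40)];
    let withdrawals = vec![
        seq("seq-1", Some("0xaaa"), "alice", 100), // backed
        seq("seq-2", None, "mallory", 5000),       // direct execution, no burn
        seq("seq-3", Some("0xccc"), "carol", 10),  // references a burn that never happened
        seq("seq-4", Some("0xbbb"), "bob", 250),   // backed
        seq("seq-5", Some("0xbbb"), "bob", 250),   // replays an already-settled burn
        seq("seq-6", Some("0xddd"), "dave", 4000), // amount does not match the burn
    ];
    (events, withdrawals)
}

fn main() {
    let (events, withdrawals) = sample_data();
    for (tx, reason) in find_unbacked_withdrawals(&events, &withdrawals) {
        println!("ALERT sequencer tx {tx}: {reason:?}");
    }
}
```

The check is deliberately order-sensitive: the first sequencer withdrawal that correctly references a burn claims it, and any later one citing the same burn is reported as BurnAlreadySettled, so a compromised key cannot reuse one genuine burn to justify repeated withdrawals.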