Invalid address could break down the bridge withdrawer
Description
The watcher of the bridge withdrawer is responsible for monitoring the bridge contract's event log. When a user sends a transaction to the bridge address with parameters in rollup, the bridge withdrawer will listen for this event to submit a withdraw action to the sequencer.
However, in watcher of the bridge withdrawer, the destination chain address is not validated during logging. If the destination chain address is invalid, the bridge withdrawer crashes during parsing the destination address as bech32m format.
// ...
function withdrawToSequencer(string calldata destinationChainAddress) external payable sufficientValue(msg.value) {
emit SequencerWithdrawal(msg.sender, msg.value, destinationChainAddress);
}
// ...Impact
A malicious user could send a transaction to the bridge withdrawer with an invalid destination chain address. This would cause the bridge withdrawer to crash, preventing it from processing any further transactions.
Below is a proof of concept for this issue:
cast send 0xa58639fb5458e65e4fa917ff951c390292c24a15 --private-key $PK 'withdrawToSequencer(string)' "bbbb" -r http://executor.astria.localdev.me --value 1000000000000000002024-07-19T13:33:22.398641Z ERROR astria_bridge_withdrawer::bridge_withdrawer: task returned with error task="ethereum watcher" error={"0": "block handler exited", "1": "failed to sync from next rollup block height", "2": "failed to get and send events at block", "3": "failed getting actions for block; block hash: `0xd3d1…54cf`, block height: `230`", "4": "failed to parse destination chain address as Astria address for a bridge unlock", "5": "failed decoding provided bech32m string", "6": "parsing failed", "7": "character error", "8": "invalid character (code=b)"}
// ...
2024-07-19T13:33:22.399185Z INFO astria_bridge_withdrawer: withdrawer stoppedRecommendations
Consider checking the destination chain address before logging the event.