Withdrawal event could be reused by bridge admin
Description
In astria-bridge-withdrawer, the bridge address and the withdrawer address have permissions to withdraw assets from the bridge. Both the bridge address and the withdrawer address can execute CollectWithdrawals and SubmitWithdrawals using astria-cli to withdraw assets from the bridge.
However, there is no marking or validation to check whether a withdrawal has already been spent. This means that a withdrawal event could potentially be reused by the bridge admin to withdraw assets from the bridge multiple times.
Impact
If the private key of the bridge address or withdrawer address is compromised, an attacker could unlock and withdraw assets from the bridge repeatedly using the same withdrawal event. This may lead to a loss of user funds.
Recommendations
Ensure that each withdrawal event is marked or validated so that it cannot be reused in the bridge withdrawer.
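One way to implement the marking recommended above, as an added example (not code from astria-bridge-withdrawer or from this report): a spent-event set that is checked before any funds are released. The types Bridge, Withdrawal and EventId, and the choice to identify an event by rollup transaction hash plus log index, are assumptions made for illustration.

```rust
use std::collections::HashSet;

// Hypothetical types for illustration; not taken from the Astria code base.
// Assumption: an event is identified by rollup transaction hash + log index.
#[derive(Clone, Debug, PartialEq, Eq, Hash)]
pub struct EventId { pub rollup_tx_hash: [u8; 32], pub log_index: u64 }

#[derive(Clone, Debug)]
pub struct Withdrawal { pub event_id: EventId, pub amount: u128 }

#[derive(Debug, PartialEq, Eq)]
pub enum BridgeError { AlreadySpent(EventId), InsufficientFunds }

pub struct Bridge { pub balance: u128, spent: HashSet<EventId> }

impl Bridge {
    pub fn new(balance: u128) -> Self {
        Self { balance, spent: HashSet::new() }
    }

    /// Releases funds for a batch of withdrawal events. The whole batch is
    /// validated before any state changes, so a batch containing a replay
    /// (of an earlier batch, or a duplicate inside itself) releases nothing.
    pub fn submit_withdrawals(&mut self, batch: &[Withdrawal]) -> Result<u128, BridgeError> {
        let mut seen = HashSet::new();
        let mut total: u128 = 0;
        for w in batch {
            if self.spent.contains(&w.event_id) || !seen.insert(w.event_id.clone()) {
                return Err(BridgeError::AlreadySpent(w.event_id.clone()));
            }
            total = total.checked_add(w.amount).ok_or(BridgeError::InsufficientFunds)?;
        }
        if total > self.balance {
            return Err(BridgeError::InsufficientFunds);
        }
        self.balance -= total;
        self.spent.extend(seen); // mark as spent only once funds are released
        Ok(total)
    }
}

fn main() {
    // Constructed sample event; the hash bytes are placeholders.
    let w = Withdrawal { event_id: EventId { rollup_tx_hash: [0xab; 32], log_index: 0 }, amount: 40 };
    let mut bridge = Bridge::new(100);
    println!("first submit:  {:?}", bridge.submit_withdrawals(&[w.clone()]));
    println!("replay submit: {:?}", bridge.submit_withdrawals(&[w]));
    println!("balance left:  {}", bridge.balance);
}
```

Because the spent set is consulted at the point where funds are released, a resubmitted event is rejected regardless of which authorized key signs the submission.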