Category: Coding Mistakes
Nonpayable bridgeTokenArb function
Medium Impact
Medium Severity
High Likelihood
Description
The function outboundTransferCustomRefund, called in bridgeTokenArb, is payable, while bridgeTokenArb is not. Therefore, ETH cannot be sent with the outboundTransferCustomRefund call.

    function bridgeTokenArb(address token, address arbEscrow, uint256 amount, uint256 maxGas, uint256 gasPrice)
        external
        onlyOwner
        onlyBroke
    {
        IERC20(token).safeIncreaseAllowance(address(bridgeRouter), amount);
        bridgeRouter.outboundTransferCustomRefund(token, msg.sender, arbEscrow, amount, maxGas, gasPrice, bytes(""));
    }

The msg.value passed along with this function is used as the gas fees on the L2 after the tokens are bridged. If this value is not sent, the gas passed along would be 0, and hence the bridging might fail.
Impact
Bridging of tokens might fail due to no gas fee on the L2.
Recommendations
We recommend making the function payable and sending the msg.value to the function call outboundTransferCustomRefund.
Remediation
This issue has been acknowledged by Bracket Labs Group SA, and a fix was implemented in commit 9d8ba151.