Description

When the bridge executor is processing an InitiateTokenWithdrawal event from an L2, it tries to fetch the corresponding token pair from the L1:

export class L2Monitor extends Monitor {
    // [snip]
  private async handleInitiateTokenWithdrawalEvent(
    manager: EntityManager,
    data: { [key: string]: string }
  ): Promise<void> {
    const outputInfo = await this.helper.getLastOutputFromDB(
      manager,
      ExecutorOutputEntity
    )
    if (!outputInfo) return
    const pair = await config.l1lcd.ophost.tokenPairByL2Denom(
      this.bridgeId,
      data['denom']
    )

The issue is that if the token pair does not exist, the call will fail and end up causing the bridge executor to stop. Since anyone is able to initiate a withdrawal with any denom, there is no guarantee that the token pair will exist.

Impact

A malicious user could crash the bridge executor by submitting a MsgInitiateTokenWithdrawal transaction for a denom that did not originate from the L1.

Recommendations

If a token pair does not exist on the L1, then it should be handled gracefully by the bridge executor.

The MsgInitiateTokenWithdrawal handler on the L2 could also check to ensure that the coin being withdrawn originated from the L1.

Remediation

An additional fix was implemented in .