Category: Business Logic

L2 token is not necessarily pegged to L1 token

Severity: Informational
Impact: Informational
Likelihood: N/A

Description

Note that it is logically possible for the L2 token's supply to be greater than the L1LidoGateway balance of the L1 token. This is because the L2LidoGateway accepts the token address as a constructor parameter. L2 is agnostic to the ERC-20 implementation in that it only requires the ability to call mint and burn on the token address.

Impact

The invariant that the L1 locked supply is equal to the L2 supply can be broken if a deployer (for example, someone reusing the code) is not aware of the requirement for L2LidoGateway to be the only minter of the L2 token.

Recommendations

Ensure the only address able to mint L2 tokens is the L2LidoGateway. Alternatively, consider deploying the L2 token from the L2LidoGateway contract and deploying the L2 contracts to Scroll first before the L1 contracts (so that the L2 token's address can be configured on L1).
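
One way to implement the first recommendation, shown as an added example that is not the audited code or the deployed L2 token: a minimal token whose supply can change only through a gateway address fixed at deployment. The contract name and the mint/burn signatures are assumptions, and approve/transferFrom are left out because they do not touch supply.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical contract, not the audited code. The mint/burn signatures
// are an assumption about what the gateway calls.
contract GatewayMintedToken {
    address public immutable gateway; // fixed at deployment; no setter exists
    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;

    event Transfer(address indexed from, address indexed to, uint256 value);
    error OnlyGateway(address caller);

    modifier onlyGateway() {
        if (msg.sender != gateway) revert OnlyGateway(msg.sender);
        _;
    }

    constructor(address gateway_) {
        require(gateway_ != address(0), "gateway is zero");
        gateway = gateway_;
    }

    // Supply grows only when the gateway finalizes a deposit from L1.
    function mint(address to, uint256 amount) external onlyGateway {
        totalSupply += amount;
        balanceOf[to] += amount;
        emit Transfer(address(0), to, amount);
    }

    // Supply shrinks only when the gateway starts a withdrawal to L1.
    function burn(address from, uint256 amount) external onlyGateway {
        balanceOf[from] -= amount; // checked math reverts if balance is short
        totalSupply -= amount;
        emit Transfer(from, address(0), amount);
    }

    // Holder-to-holder transfers never change totalSupply.
    function transfer(address to, uint256 amount) external returns (bool) {
        require(to != address(0), "transfer to zero");
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        emit Transfer(msg.sender, to, amount);
        return true;
    }
}
```

Because `gateway` is immutable and no other function writes `totalSupply`, a reviewer can confirm the single-minter requirement by reading this one contract.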

Remediation

Scroll Foundation noted that they intend to ensure the only minter of L2 tokens is L2LidoGateway:

We already make sure that L2LidoGateway is the only minter for the L2 token. The address of the current L2 token is 0xf610a9dfb7c89644979b4a0f27063e9e7d7cda32; you can see that only the gateway can mint tokens.

Zellic © 2024