Lines of code
<https://github.com/pooltogether/ERC5164/blob/5647bd84f2a6d1a37f41394874d567e45a97bf48/src/interfaces/ICrossChainExecutor.sol#L29&gt;

Vulnerability details

Impact

The CrossChainExecutor contracts in the codebase are meant to follow the CrossChainExecutor interface as defined in EIP-5164. Each L2 network specific CrossChainExecutor contract is also expected to inherit and follow the ICrossChainExecutor interface present in the codebase.

But the CrossChainExecutorPolygon contract in EthereumToPolygonExecutor.sol does not inherits the intended interface and does not implements the executeCalls function which is the most important function of EIP-5164’s CrossChainExecutor. Due to this the contract becomes incompatible with EIP-5164. The interaction with the CrossChainExecutorPolygon contract will become difficult as the contracts interacting with CrossChainExecutorPolygon contract will assume it to have the executeCalls function which it currently lacks. All the transactions which tries to call the executeCalls function will get reverted.

Proof of Concept

Any call to CrossChainExecutorPolygon.executeCalls() will get reverted.

Scenario

• The CrossChainExecutorPolygon contract get deployed at address 0x123…
• Call to ICrossChainExecutor(0x123…).executeCalls() will be reverted.

Tools Used

Manual review

Recommended Mitigation Steps

The ICrossChainExecutor should be inherited by CrossChainExecutorPolygon contract and executeCalls function should be implemented to make the contract EIP-5164 compatible. If the function in unnecessary it can be implemented as a no-op.

The text was updated successfully, but these errors were encountered:

All reactions