LogoLogo
English
English
  • ⚡Introduction
    • What is Tokamak Network?
    • Vision
    • Whitepaper
  • ⚙️Service Guide
    • Tokamak L2
      • Thanos Stack
        • Introduction
        • Differences Between Ethereum and Thanos Stack
        • Transaction Fee
        • L2 Native Token Bridge
          • Overview
          • Contracts Modifications
          • Deposit & Withdraw Flow
          • Security Considerations
        • Testnet Information
    • Staking & DAO
      • Simple staking
        • Stake
        • Withdraw
        • Staking reward
        • Contract addresses
        • Contract addresses (testnet)
      • Tokamak Network DAO
        • DAO candidates
          • DAO candidate registration
        • Propose
        • Agenda
        • Contract addresses
        • Contract addresses (testnet)
    • Rollup Hub
      • Devnet
        • Parameter Definitions
        • Creating your own rollup Devnet
      • Mainnet Beta
        • Deployment Configuration Parameters
        • Deploy with AWS
          • Introduction
          • Prerequisites
          • Deploy contracts
          • Building AWS infra with terraform
          • Deploy Thanos chain
        • Operation Guide
          • Chain Operators
            • Architecture
            • Node Operations
            • Chain Configurations
          • Developer Tools
            • SDK
              • Bridge ERC-20 tokens with the Thanos SDK
              • Bridge the Native Token with the Thanos SDK
              • Bridge ETH with the Thanos SDK
            • Contracts
            • About USDCBridge
        • Additional Features
          • Mini Bridge
            • Deployment Guide
            • How to use the Mini Bridge?
          • Seigniorage Rewards (Coming Soon)
      • Troubleshooting
    • Faucet (testnet)
  • 📖Information
    • Get TON
    • TON ↔ WTON
    • Glossary
    • Link
  • 😀Get Involved
    • Global Telegram
    • Community Discord
Powered by GitBook
On this page
  • General
  • L1 Withdrawal Failure Risk with EOA Target
  • Dependency on ERC20 Approval
  1. Service Guide
  2. Tokamak L2
  3. Thanos Stack
  4. L2 Native Token Bridge

Security Considerations

PreviousDeposit & Withdraw FlowNextTestnet Information

Last updated 5 months ago

General

Please review this guide and code comments thoroughly before using the L2 Native Token Bridge. Using the L2 Native Token Bridge without understanding its could lead to unexpected behavior or loss of funds.

L1 Withdrawal Failure Risk with EOA Target

Important: EOA Addresses Do Not Support Contract Calls

Ensure to verify the target address during withdrawals to avoid potential issues or asset loss. If _tx.target is an EOA, it can only process simple transfers. Attempting a contract call may result in asset loss.

Users must be careful when finalizing withdrawals from L1. When initializing a withdrawal transaction in L2, a user may lose funds if _tx.target is EOA and _tx.data.length is not 0. Since _data is non-empty, this transaction is interpreted as a contract call and not a simple transfer. However, if _target is the EOA, it will be a wallet address and that address cannot process any callback.

This can be found in finalizeWithdrawalTransaction of OptimismPortal():

  • The token approval is completed by approve and SafeCall.callWithMinGas is executed for calling transferFrom. The withdrawal should be confirmed by the callback function but if the _tx.target is EOA, nothing happens. Therefore, SafeCall.callWithMinGas succeeds and the allowance is set back to zero. As a result, the user will never get the asset to withdraw.

if (_tx.value != 0) {
    if (_tx.data.length != 0) {
        IERC20(_nativeTokenAddress).approve(_tx.target, _tx.value);
    } else {
        IERC20(_nativeTokenAddress).safeTransfer(_tx.target, _tx.value);
    }
}

bool success;
if (_tx.data.length != 0) {
    success = SafeCall.callWithMinGas(_tx.target, _tx.gasLimit, 0, _tx.data);
} else {
    success = true;
}

// Reset approval after a call
if (_tx.data.length != 0 && _tx.value != 0) {
    IERC20(_nativeTokenAddress).approve(_tx.target, 0);
}

Dependency on ERC20 Approval

The L2 native token utilizes an ERC20 approval flow consisting of three steps:

  1. Approving the ERC20 token

  2. Executing an external call to transfer the token from the CrossDomainMessenger

  3. Revoking the approval to prevent further access

if (_value != 0 && _target != address(0)) {
    IERC20(_nativeTokenAddress).approve(_target, _value);
}
// _target is expected to perform a transferFrom to collect token
bool success = SafeCall.call(_target, gasleft() - RELAY_RESERVED_GAS, 0, _message);
if (_value != 0 && _target != address(0)) {
    IERC20(_nativeTokenAddress).approve(_target, 0);
}

If this process fails—for instance, when the external call encounters an error—tokens may become locked in the CrossDomainMessenger. Such a scenario could result in token loss for the user.

⚙️
requirements
source