AggLayer: Validate faucet existence on registration #2709
Description
In the Solidity bridge, token contracts are deployed by the bridge itself via CREATE2 (or set explicitly by the bridge manager for sovereign tokens in BridgeL2SovereignChain.sol), so the bridge has direct control over token contract existence and configuration. There is no direct Solidity counterpart to this issue.
In the Miden bridge, the register_faucet procedure writes the faucet ID to both faucet_registry_map and token_registry_map without verifying that the faucet account exists on-chain, has the correct code commitment, or is properly configured (correct origin token address, scale, etc.). The procedure receives faucet_id_suffix and faucet_id_prefix from the CONFIG_AGG_BRIDGE note storage and directly writes them to the registries with no FPI call or other validation.
Impact
If the bridge admin makes a typo in the faucet ID, or if an incorrectly configured faucet is registered, the token registry would point to a non-existent or misconfigured faucet. The failure mode depends on the operation:
- Bridge-in claims: the `lookup_faucet_by_token_address` call would return the wrong faucet ID. The MINT note would target a non-existent faucet, failing at the faucet's mint procedure.
- Bridge-out operations: the `convert_asset` procedure performs an FPI call to the faucet's `asset_to_origin_asset`. If the faucet doesn't exist, this FPI call fails. If the faucet exists but has wrong parameters, incorrect conversion data would be returned, producing wrong leaf data.
Recommended Action
Modify register_faucet to perform an FPI call to the faucet (e.g., calling get_scale) before writing to the registries. If the faucet doesn't exist or isn't a valid AggLayer faucet, the FPI call will fail and the transaction will panic, preventing invalid registrations. Optionally, also add client-side validation in the Rust helper for early error detection before the note is even created.
References
- `bridge_config.masm` (`register_faucet`)
- `config_note.rs`
- `faucet.rs`
Classification
No direct Solidity counterpart. In the Solidity bridge, token contracts are deployed by the bridge itself via CREATE2, so existence is inherently guaranteed. This issue is Miden-specific, arising from the architectural difference where faucets are pre-deployed independently and then registered with the bridge.
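The optional client-side validation mentioned under Recommended Action could look like the following. This is an added example, not code from the Miden repository: `FaucetState`, `Registration`, `validate` and the chain snapshot are hypothetical stand-ins rather than miden-client APIs, and the sample data is constructed.

```rust
use std::collections::HashMap;

// Hypothetical model types, not miden-base or miden-client APIs.
type FaucetId = (u64, u64); // (prefix, suffix)

struct FaucetState { code_commitment: [u8; 32], origin_token: [u8; 20], scale: u8 }

#[derive(Debug, PartialEq)]
enum RegisterError { NotFound, WrongCode, OriginMismatch, ScaleMismatch }

// What the admin intends to put into the config note.
struct Registration { faucet_id: FaucetId, origin_token: [u8; 20], scale: u8 }

// Pre-flight check: look the faucet up in a snapshot of on-chain accounts and
// compare it with the intended configuration before any note is created.
fn validate(
    chain: &HashMap<FaucetId, FaucetState>,
    expected_code: &[u8; 32],
    reg: &Registration,
) -> Result<(), RegisterError> {
    // A mistyped ID resolves to no account at all.
    let f = chain.get(&reg.faucet_id).ok_or(RegisterError::NotFound)?;
    // The account exists but does not run the expected faucet code.
    if f.code_commitment != *expected_code { return Err(RegisterError::WrongCode); }
    // The faucet exists but is configured for another token or scale.
    if f.origin_token != reg.origin_token { return Err(RegisterError::OriginMismatch); }
    if f.scale != reg.scale { return Err(RegisterError::ScaleMismatch); }
    Ok(())
}

// Constructed sample data: one valid faucet and one account with foreign code.
fn sample_chain() -> (HashMap<FaucetId, FaucetState>, [u8; 32]) {
    let code = [0xAA; 32];
    let mut chain = HashMap::new();
    chain.insert((1, 100), FaucetState { code_commitment: code, origin_token: [0x11; 20], scale: 10 });
    chain.insert((2, 200), FaucetState { code_commitment: [0xBB; 32], origin_token: [0x22; 20], scale: 0 });
    (chain, code)
}

fn main() {
    let (chain, code) = sample_chain();
    let good = Registration { faucet_id: (1, 100), origin_token: [0x11; 20], scale: 10 };
    let typo = Registration { faucet_id: (1, 101), origin_token: [0x11; 20], scale: 10 };
    println!("good: {:?}", validate(&chain, &code, &good));
    println!("typo: {:?}", validate(&chain, &code, &typo));
}
```

A check like this only gives early feedback to the admin; the on-chain FPI call in `register_faucet` remains the control that actually prevents an invalid registration.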