# #47351 \[SC-Low] Funds get stuck in the bridge if attempted to be deposited into a restricted address

**Submitted on Jun 12th 2025 at 22:29:48 UTC by @Kalogerone for** [**IOP | Paradex**](https://immunefi.com/audit-competition/iop-paradex)

* **Report ID:** #47351
* **Report Type:** Smart Contract
* **Report severity:** Low
* **Target:** <https://github.com/tradeparadex/audit-competition-may-2025/tree/main/paraclear>
* **Impacts:**
  * Permanent freezing of funds

## Description

## Brief/Intro

When depositing from the bridge to an operator, sub-operator or auxiliary account, the transaction will revert and funds will remain stuck in the L1 bridge.

## Vulnerability Details

During bridge deposits, the registry gets called to check for restrictions:

```
        fn _deposit_from_bridge(
            ref self: ComponentState<TContractState>,
            recipient: ContractAddress,
            token_address: ContractAddress,
            amount_u256: u256,
        ) {
            let token_dispatcher = ERC20ABIDispatcher { contract_address: token_address };
            let decimals = token_dispatcher.decimals();

            // Sender is 0 (unknown) for bridge deposits
            self._detect_transfer_restriction(Zero::zero(), recipient, token_address, amount_u256);
```

However, according to registry, transfers from `others` going towards operators, sub-operators or auxiliary accounts is restricted and the transaction will revert:

```
            // Restricted:
            //   8. others -> operator
            //   9. others -> auxiliary
            //   10. others -> sub-operator
```

## Impact Details

Any tokens deposited through the bridge to such accounts will not succeed and tokens will stay locked in L1 bridge.

## References

<https://github.com/tradeparadex/audit-competition-may-2025/blob/main/paraclear/src/paraclear/paraclear.cairo#L1248>

## Proof of Concept

## Proof of Concept

1. User deposits to L1 bridge with destination an operator, sub-operator or auxiliary account
2. L2 bridge fails to complete the deposit
3. Funds are stuck in L1 bridge


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://reports.immunefi.com/iop-paradex/47351-sc-low-funds-get-stuck-in-the-bridge-if-attempted-to-be-deposited-into-a-restricted-address.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.