stake.link

DeFi, Hardhat, Bridge
27,500 USDC
Submission Details
Severity: medium
Invalid

Return value of GetFee is not checked

Summary

The return value of the getFee function is not being checked. According to the Chainlink CCIP documentation, the function returns 0 on an invalid message.

returns 0 fees on invalid message.
Chainlink Doc

Vulnerability Details

Failing to validate the return value of getFee may lead to incorrect fee calculations and potential discrepancies in the processing of messages. This could result in financial losses or incorrect processing of transactions.

Impact

Failing to check the return value of getFee may lead to incorrect fee calculations and potential discrepancies in the processing of messages. It is important to ensure that the return value is properly validated to maintain accurate fee calculations and message processing.

Tools Used

Manual Review

Recommendations

It is important to implement proper validation of the return value of the getFee function to ensure accurate fee calculations and message processing.

Make changes to the getFee method

function getFee(uint64 _destinationChainSelector, bool _payNative) external view returns (uint256) {
Client.EVM2AnyMessage memory evm2AnyMessage = _buildCCIPMessage(
address(this),
1000 ether,
_payNative ? address(0) : address(linkToken)
);
- return IRouterClient(this.getRouter()).getFee(_destinationChainSelector, evm2AnyMessage);
+ uint256 fee = IRouterClient(this.getRouter()).getFee(_destinationChainSelector, evm2AnyMessage);
+ require(fee > 0, "Wrong Fee Received");
}
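
Review bot: the added lines store the router's result in `fee` and check it, but nothing returns it, so a function declared `returns (uint256)` now falls off the end and hands every caller the default value 0. Add `return fee;` after the `require(fee > 0, "Wrong Fee Received");` line. The revert string would also be clearer if it said the router returned a zero fee, since "Wrong Fee Received" does not tell the caller what was wrong.
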
Updates

Lead Judging Commences

0kage Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
