The gasLimit parameter is used in building CCIP messages. However, when the extraArgs parameter is left empty ("0x"), a default gasLimit of 200,000 is set. This default value might lead to unnecessary gas consumption, especially when sending tokens to an externally owned account (EOA), and should be reconsidered.
Default Gas Limit:
Issue: When extraArgs is set to "0x", the function sets a default gasLimit of 200,000. This might result in excess gas usage, especially when sending tokens to an EOA where ccipReceive() is not involved.
Recommendation: Consider adjusting the default gasLimit to 0 when sending tokens directly to an EOA, as no ccipReceive() implementation is called.
The current implementation might lead to higher-than-necessary gas costs, particularly when sending tokens to an EOA, potentially affecting the efficiency and cost-effectiveness of the cross-chain token transfer process.
Manual code review.
GasLimit Flexibility:
Consider setting the default gasLimit to 0 when sending tokens directly to an EOA without involving ccipReceive().
Sender Contract Best Practices
For production code, adhere to the following best practices:
Avoid Hardcoding extraArgs: It is recommended to ensure that extraArgs is mutable. Implementing this flexibility allows for building extraArgs off-chain and passing it in function calls or storing it in a storage variable that can be updated as needed. By doing so, you maintain backward compatibility for potential future CCIP upgrades. Notably, your protocol already incorporates this functionality through setExtraArgs; therefore, prefer passing the actual extraArgs value instead of using hardcoded values in the _buildCCIPMessage function.
Check more detail at https://docs.chain.link/ccip/getting-started
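Building extraArgs off-chain, as recommended above, shown as an added example that is not part of the audited code base or the original finding. It assumes the EVMExtraArgsV1 layout from Chainlink's Client library (4-byte tag 0x97a657c9 followed by an ABI-encoded uint256 gasLimit); extraArgsForReceiver and its receiverHasCode input are hypothetical names.

```javascript
// Added example: build and inspect CCIP extraArgs off-chain.
// Assumption: EVMExtraArgsV1 = bytes4 tag 0x97a657c9 ++ abi.encode(uint256 gasLimit).
const EVM_EXTRA_ARGS_V1_TAG = "97a657c9";
const DEFAULT_GAS_LIMIT = 200000n; // default applied when extraArgs is "0x" (per the finding)
const MAX_UINT256 = (1n << 256n) - 1n;

// Encode a gas limit as the bytes that would be passed to setExtraArgs.
function encodeExtraArgsV1(gasLimit) {
  const g = BigInt(gasLimit);
  if (g < 0n || g > MAX_UINT256) {
    throw new RangeError("gasLimit out of uint256 range");
  }
  return "0x" + EVM_EXTRA_ARGS_V1_TAG + g.toString(16).padStart(64, "0");
}

// Return the gas limit a given extraArgs value results in on the destination.
// Empty extraArgs ("0x") falls back to the 200,000 default described above.
function effectiveGasLimit(extraArgs) {
  if (typeof extraArgs !== "string" || !/^0x([0-9a-fA-F]{2})*$/.test(extraArgs)) {
    throw new TypeError("extraArgs must be 0x-prefixed hex bytes");
  }
  const hex = extraArgs.slice(2).toLowerCase();
  if (hex.length === 0) return DEFAULT_GAS_LIMIT;
  if (hex.length !== 8 + 64) throw new Error("unexpected extraArgs length");
  if (hex.slice(0, 8) !== EVM_EXTRA_ARGS_V1_TAG) throw new Error("unknown extraArgs tag");
  return BigInt("0x" + hex.slice(8));
}

// Hypothetical helper: choose extraArgs by receiver type. receiverHasCode is
// assumed to come from a code-size check on the destination chain.
function extraArgsForReceiver(receiverHasCode, receiveGas = DEFAULT_GAS_LIMIT) {
  // An EOA never runs ccipReceive(), so no execution gas needs to be paid for.
  return encodeExtraArgsV1(receiverHasCode ? receiveGas : 0n);
}

console.log("EOA receiver:     ", extraArgsForReceiver(false));
console.log("contract receiver:", extraArgsForReceiver(true));
console.log('gas for "0x":     ', effectiveGasLimit("0x").toString());
```
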