Absence of Reprocessing of failed messages
Upon receiving a message on the destination blockchain, the ccipReceive function is called by the CCIP router. This function serves as the entry point to the contract for processing incoming CCIP messages, enforcing crucial security checks through the onlyRouter modifiers.
There can be multiple cases where the downstream transaction fails, for example when IRESDLTokenBridge(reSDLTokenBridge).ccipReceive(_message); fails while calling handleIncomingRESDL on sdlPoolCCIPController due to an insufficient token transfer or other reasons.
There should therefore be a proper error-handling method to deal with these types of unwanted errors and help unlock user funds.
Refer to: https://docs.chain.link/ccip/tutorials/programmable-token-transfers-defensive
There should be some sort of retryFailedMessage function, which provides a mechanism to recover assets if CCIP message processing fails. It is specifically designed to handle scenarios where message data issues prevent the message from being processed in full yet still allow for token recovery:
Initiation:
Only the contract owner can call this function, providing the messageId of the failed message and the tokenReceiver address for token recovery.
Validation:
It checks if the message has failed using s_failedMessages.get(messageId). If not, it reverts the transaction.
Status Update:
The error code for the message is updated to RESOLVED to prevent reentry and multiple retries.
Token Recovery:
Retrieves the failed message content using s_messageContents[messageId].
Transfers the locked tokens associated with the failed message to the specified tokenReceiver as an escape hatch without processing the entire message again.
Event Emission:
An event MessageRecovered is emitted to signal the successful recovery of the tokens.
This function showcases a graceful asset recovery solution, protecting user values even when message processing encounters issues.
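A simplified sketch of the pattern described above, added here as an illustration; it is not the project's code or the Chainlink reference contract. The local Message/TokenAmount types, the DefensiveReceiver name, the owner/router checks and the processMessage body are assumptions that stand in for the CCIP library types and the real handler, and only the first token of a failed message is stored.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration with minimal local types (assumed, not the CCIP Client library).
interface IERC20 { function transfer(address to, uint256 amount) external returns (bool); }

struct TokenAmount { address token; uint256 amount; }
struct Message { bytes32 messageId; bytes data; TokenAmount[] destTokenAmounts; }

contract DefensiveReceiver {
    enum ErrorCode { RESOLVED, FAILED } // RESOLVED is the zero value, so unknown ids are never FAILED

    address public immutable owner;
    address public immutable router; // assumed: CCIP router address fixed at deployment
    mapping(bytes32 => ErrorCode) public s_failedMessages;
    mapping(bytes32 => TokenAmount) public s_messageContents; // simplified: first token only

    event MessageFailed(bytes32 indexed messageId, bytes reason);
    event MessageRecovered(bytes32 indexed messageId);
    error MessageNotFailed(bytes32 messageId);

    constructor(address _router) { owner = msg.sender; router = _router; }

    function ccipReceive(Message calldata m) external {
        require(msg.sender == router, "only router");
        // External self-call: a revert in processing is caught here instead of
        // reverting the whole delivery, so the tokens stay recoverable.
        try this.processMessage(m) {} catch (bytes memory err) {
            s_failedMessages[m.messageId] = ErrorCode.FAILED;
            if (m.destTokenAmounts.length > 0) s_messageContents[m.messageId] = m.destTokenAmounts[0];
            emit MessageFailed(m.messageId, err);
        }
    }

    function processMessage(Message calldata m) external {
        require(msg.sender == address(this), "only self");
        // Hypothetical stand-in for the application handler (e.g. handleIncomingRESDL).
        require(m.data.length > 0, "empty payload");
    }

    function retryFailedMessage(bytes32 messageId, address tokenReceiver) external {
        require(msg.sender == owner, "only owner");
        if (s_failedMessages[messageId] != ErrorCode.FAILED) revert MessageNotFailed(messageId);
        s_failedMessages[messageId] = ErrorCode.RESOLVED; // updated before the transfer: no second retry
        TokenAmount memory t = s_messageContents[messageId];
        if (t.amount > 0) require(IERC20(t.token).transfer(tokenReceiver, t.amount), "transfer failed");
        emit MessageRecovered(messageId);
    }
}
```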
User funds get locked when the transaction fails.
Manual Review
A proper error-handling method should be present.
Refer to the Chainlink CCIP docs:
https://docs.chain.link/ccip/tutorials/programmable-token-transfers-defensive