stake.link

DeFiHardhatBridge
27,500 USDC
Submission Details
Severity: high
Invalid

There should be a method for re-processing transactions that fail for some unintended reason.

Summary

Absence of a mechanism to reprocess failed messages

Vulnerability Details

Upon receiving a message on the destination blockchain, the CCIP router calls the ccipReceive function. This function is the contract's entry point for processing incoming CCIP messages, and the onlyRouter modifier enforces that only the router can invoke it.

function ccipReceive(Client.Any2EVMMessage calldata _message) external override onlyRouter {
    _verifyCCIPSender(_message);
    // @audit-issue ERROR handling should occur here
    if (_message.destTokenAmounts.length == 1 && _message.destTokenAmounts[0].token == address(sdlToken)) {
        IRESDLTokenBridge(reSDLTokenBridge).ccipReceive(_message);
    } else {
        _ccipReceive(_message);
    }
}

There are several ways the downstream call can fail. For example, IRESDLTokenBridge(reSDLTokenBridge).ccipReceive(_message) reverts if its call to handleIncomingRESDL on sdlPoolCCIPController fails because the token transfer is insufficient, and other revert paths exist as well.

So there should be a proper error-handling mechanism to deal with these unwanted failures and allow user funds to be unlocked. If the receiver reverts deterministically, re-executing the same message produces the same revert, so the tokens it carries cannot be delivered.

Refer to https://docs.chain.link/ccip/tutorials/programmable-token-transfers-defensive. A retryFailedMessage function of the kind shown there provides a mechanism to recover assets if CCIP message processing fails. It is specifically designed for scenarios where a problem with the message data prevents full processing but still allows the tokens to be recovered:

Initiation: Only the contract owner can call this function, providing the messageId of the failed message and the tokenReceiver address for token recovery.

Validation: It checks that the message has failed using s_failedMessages.get(messageId). If it has not, the transaction reverts.

Status Update: The error code for the message is updated to RESOLVED before any transfer, to prevent re-entry and multiple retries of the same message.

Token Recovery: It retrieves the failed message content from s_messageContents[messageId] and transfers the locked tokens associated with the failed message to the specified tokenReceiver, as an escape hatch that does not re-run the whole message.

Event Emission: A MessageRecovered event is emitted to signal the successful recovery of the tokens.

This function is a graceful asset-recovery solution that protects user value even when message processing encounters issues.
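The following contract, added here as an example and not stake.link's or Chainlink's code, applies the defensive pattern described above to the ccipReceive dispatch quoted earlier. The names IRESDLTokenBridge, sdlToken and reSDLTokenBridge are taken from the page; the sender allowlist (sourceChainSelector, sourceSender) and the import paths for the Chainlink CCIP and OpenZeppelin packages are assumptions. Sender verification stays outside the try block so a spoofed source still reverts; only failures of the contract's own processing are parked for recovery.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added example, not project code. Assumes @chainlink/contracts-ccip and
// @openzeppelin/contracts are installed under these import paths.
import {CCIPReceiver} from "@chainlink/contracts-ccip/src/v0.8/ccip/applications/CCIPReceiver.sol";
import {Client} from "@chainlink/contracts-ccip/src/v0.8/ccip/libraries/Client.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import {EnumerableMap} from "@openzeppelin/contracts/utils/structs/EnumerableMap.sol";

// Hypothetical interface standing in for the page's IRESDLTokenBridge.
interface IRESDLTokenBridge {
    function ccipReceive(Client.Any2EVMMessage calldata message) external;
}

contract DefensiveCCIPController is CCIPReceiver {
    using SafeERC20 for IERC20;
    using EnumerableMap for EnumerableMap.Bytes32ToUintMap;

    enum ErrorCode { RESOLVED, FAILED }

    address public immutable owner;
    address public immutable sdlToken;
    address public immutable reSDLTokenBridge;
    uint64 public immutable sourceChainSelector; // assumed single allowlisted source
    address public immutable sourceSender;       // assumed allowlisted sender on that chain

    EnumerableMap.Bytes32ToUintMap private s_failedMessages;
    mapping(bytes32 => Client.Any2EVMMessage) private s_messageContents;

    event MessageFailed(bytes32 indexed messageId, bytes reason);
    event MessageRecovered(bytes32 indexed messageId);
    error MessageNotFailed(bytes32 messageId);
    error InvalidSender(uint64 chainSelector, bytes sender);
    error OnlySelf();
    error OnlyOwner();

    constructor(address _router, address _sdlToken, address _reSDLTokenBridge,
                uint64 _sourceChainSelector, address _sourceSender) CCIPReceiver(_router) {
        owner = msg.sender;
        sdlToken = _sdlToken;
        reSDLTokenBridge = _reSDLTokenBridge;
        sourceChainSelector = _sourceChainSelector;
        sourceSender = _sourceSender;
    }

    modifier onlySelf() { if (msg.sender != address(this)) revert OnlySelf(); _; }
    modifier onlyOwner() { if (msg.sender != owner) revert OnlyOwner(); _; }

    // Entry point called by the router. A revert here would fail the whole delivery,
    // so application failures are caught and recorded instead.
    function ccipReceive(Client.Any2EVMMessage calldata _message) external override onlyRouter {
        _verifyCCIPSender(_message);
        try this.processMessage(_message) {
            // processed normally
        } catch (bytes memory err) {
            // The router has already delivered destTokenAmounts to this contract;
            // park the message so the owner can release them.
            s_failedMessages.set(_message.messageId, uint256(ErrorCode.FAILED));
            s_messageContents[_message.messageId] = _message;
            emit MessageFailed(_message.messageId, err);
        }
    }

    // The dispatch from the page, moved behind an external self-call so try/catch applies.
    function processMessage(Client.Any2EVMMessage calldata _message) external onlySelf {
        if (_message.destTokenAmounts.length == 1 && _message.destTokenAmounts[0].token == sdlToken) {
            IRESDLTokenBridge(reSDLTokenBridge).ccipReceive(_message);
        } else {
            _ccipReceive(_message);
        }
    }

    // Escape hatch: release the tokens of a parked message. The id is marked RESOLVED
    // before the transfer so the same message cannot be recovered twice.
    function retryFailedMessage(bytes32 messageId, address tokenReceiver) external onlyOwner {
        (bool exists, uint256 code) = s_failedMessages.tryGet(messageId);
        if (!exists || code != uint256(ErrorCode.FAILED)) revert MessageNotFailed(messageId);
        s_failedMessages.set(messageId, uint256(ErrorCode.RESOLVED));
        Client.Any2EVMMessage memory message = s_messageContents[messageId];
        for (uint256 i = 0; i < message.destTokenAmounts.length; i++) {
            IERC20(message.destTokenAmounts[i].token).safeTransfer(
                tokenReceiver, message.destTokenAmounts[i].amount);
        }
        emit MessageRecovered(messageId);
    }

    function _verifyCCIPSender(Client.Any2EVMMessage calldata _message) internal view {
        if (_message.sourceChainSelector != sourceChainSelector ||
            abi.decode(_message.sender, (address)) != sourceSender) {
            revert InvalidSender(_message.sourceChainSelector, _message.sender);
        }
    }

    function _ccipReceive(Client.Any2EVMMessage memory) internal override {
        // non-token message handling belongs here (application specific, omitted)
    }
}
```

Two caveats a reviewer would want stated. First, retryFailedMessage only returns the tokens; it does not complete the application logic the message was meant to trigger (for the reSDL path, the lock state on the destination), so the protocol has to decide whether a plain refund is an acceptable outcome. Second, the catch block swallows every revert from processMessage, including ones caused by a bug rather than bad message data, so the MessageFailed event should be monitored rather than treated as routine.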

Impact

User funds are locked when the receiving transaction fails.

Tools Used

Manual Review

Recommendations

A proper error-handling mechanism should be present so that a failed message can be retried or its tokens recovered.
Refer to the Chainlink CCIP docs on defensive programmable token transfers:
https://docs.chain.link/ccip/tutorials/programmable-token-transfers-defensive

Updates

Lead Judging Commences

0kage Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Design choice
