L1Sender does not comply with LayerZero integration checklist as it hardcodes zroPaymentAddress
to address(0x0)
.
The LayerZero integration checklist indicates that:
Do not hardcode address zero (address(0)) as zroPaymentAddress when estimating fees and sending messages. Pass it as a parameter instead.
Source:
https://layerzero.gitbook.io/docs/troubleshooting/layerzero-integration-checklist
This vulnerability may lead to DoS in the future.
LayerZero documentation
Consider applying the LayerZero checklist recommendations, especially not hardcoding the zroPaymentAddress
parameter.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.