MorpheusAI

MorpheusAI
Foundry
22,500 USDC
View results
Submission Details
Severity: low
Valid

L1Sender does not comply with LayerZero documentation

Summary

L1Sender does not comply with LayerZero integration checklist as it hardcodes zroPaymentAddress to address(0x0).

Vulnerability Details

The LayerZero integration checklist indicates that:

Do not hardcode address zero (address(0)) as zroPaymentAddress when estimating fees and sending messages. Pass it as a parameter instead.

Source:

  • https://layerzero.gitbook.io/docs/troubleshooting/layerzero-integration-checklist

Impact

This vulnerability may lead to DoS in the future.

Tools Used

LayerZero documentation

Recommendations

Consider applying the LayerZero checklist recommendations, especially not hardcoding the zroPaymentAddress parameter.

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

LayerZero Integration: Do not hardcode address zero (address(0)) as zroPaymentAddress

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.