Distribution.claim function: callers can grief the protocol by claiming without providing bridging fees
The Morpheus protocol allows users to stake/deposit stETH in the Distribution contract, which is to be deployed on Ethereum mainnet, and to claim their MOR token rewards on the Arbitrum network (L2).
The protocol allows any user to claim rewards on behalf of other stakers via the Distribution.claim function, where the caller must provide the cost of the LayerZero transaction that is required to send the mint message to the L2MessageReceiver contract on Arbitrum:
As can be seen, there is no check on the provided call value (msg.value), so if the caller calls the claim function with a dust amount that is not enough to execute the call on the destination chain, the call will fail and be caught by the L2MessageReceiver.lzReceive function (the L2MessageReceiver contract implements a non-blocking LayerZero message receive):
Since any failed message can be retried via the L2MessageReceiver.retryMessage function, this will cost the protocol team the transaction fees to re-execute these failed messages.
Distribution.claim function, L173
Manual Review.
Add a function to estimate the messaging fee (via the LayerZero endpoint's estimateFees()), and check that the caller of the claim function provides at least this estimated fee (msg.value >= estimateFees()). The estimate must be computed with the same payload and adapter params that claim actually sends, otherwise the quote and the real cost can diverge.
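As an added illustration, not code from the Morpheus repository, the following minimal Solidity contract shows the unchecked pattern described above next to the recommended check. The ILayerZeroEndpoint interface follows LayerZero V1 (send and estimateFees); the contract name RewardClaim, the pendingRewards accounting, the trustedRemote encoding and the DST_GAS_LIMIT value are assumptions made for the example. It also goes one step beyond the page's recommendation by pinning the adapter params inside the contract: the fee quote scales with the destination gas limit in the adapter params, so a caller who controls them could satisfy msg.value >= estimateFees() while still sending a message that runs out of gas on Arbitrum.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical illustration written for this page; it is not the Morpheus
// Distribution contract. RewardClaim, pendingRewards, trustedRemote and
// DST_GAS_LIMIT are assumptions made for the example.

// The two LayerZero V1 endpoint functions used here.
interface ILayerZeroEndpoint {
    function send(
        uint16 _dstChainId,
        bytes calldata _destination,
        bytes calldata _payload,
        address payable _refundAddress,
        address _zroPaymentAddress,
        bytes calldata _adapterParams
    ) external payable;

    function estimateFees(
        uint16 _dstChainId,
        address _userApplication,
        bytes calldata _payload,
        bool _payInZRO,
        bytes calldata _adapterParam
    ) external view returns (uint256 nativeFee, uint256 zroFee);
}

contract RewardClaim {
    ILayerZeroEndpoint public immutable endpoint;
    uint16 public immutable dstChainId;   // the L2 chain id (Arbitrum in the page's setting)
    bytes public trustedRemote;           // abi.encodePacked(remoteReceiver, address(this)) for LZ V1
    uint256 public constant DST_GAS_LIMIT = 200_000; // assumed gas the L2 mint needs

    // Stand-in for the real reward accounting: amount claimable per user.
    mapping(address => uint256) public pendingRewards;

    constructor(ILayerZeroEndpoint _endpoint, uint16 _dstChainId, bytes memory _trustedRemote) {
        endpoint = _endpoint;
        dstChainId = _dstChainId;
        trustedRemote = _trustedRemote;
    }

    // Adapter params are fixed by the contract so a caller cannot shrink the
    // destination gas limit (and with it the quoted fee). LZ V1 "type 1"
    // params are uint16 version followed by uint256 gas limit.
    function _adapterParams() internal pure returns (bytes memory) {
        return abi.encodePacked(uint16(1), DST_GAS_LIMIT);
    }

    // Off-chain callers query this to learn how much native value to attach.
    function estimateClaimFee(address user) public view returns (uint256 nativeFee) {
        bytes memory payload = abi.encode(user, pendingRewards[user]);
        (nativeFee, ) = endpoint.estimateFees(dstChainId, address(this), payload, false, _adapterParams());
    }

    // UNCHECKED pattern from the finding: whatever msg.value the caller attaches
    // is forwarded as-is; nothing ties it to the real bridging cost.
    function claimUnchecked(address user) external payable {
        uint256 amount = pendingRewards[user];
        require(amount > 0, "nothing to claim");
        pendingRewards[user] = 0;
        endpoint.send{value: msg.value}(
            dstChainId, trustedRemote, abi.encode(user, amount),
            payable(msg.sender), address(0), _adapterParams()
        );
    }

    // HARDENED: quote the fee with the exact payload and adapter params that
    // are sent, require at least that much, and let the endpoint refund any
    // excess to the caller via _refundAddress.
    function claim(address user) external payable {
        uint256 amount = pendingRewards[user];
        require(amount > 0, "nothing to claim");
        bytes memory payload = abi.encode(user, amount);
        (uint256 nativeFee, ) = endpoint.estimateFees(dstChainId, address(this), payload, false, _adapterParams());
        require(msg.value >= nativeFee, "insufficient LayerZero fee");
        pendingRewards[user] = 0;
        endpoint.send{value: msg.value}(
            dstChainId, trustedRemote, payload,
            payable(msg.sender), address(0), _adapterParams()
        );
    }
}
```

When porting this check into a real contract, keep the quote and the send in the same function so that both use identical payload and adapter params; a separate view helper such as estimateClaimFee is only a convenience for callers, not the enforcement point.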