MorpheusAI
MorpheusAI
Foundry
22,500 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

Failed message can be overwrite and nonce can be reused

vineyard

Summary

The _blockingLzReceive function lacks nonce validation, potentially leading to nonce reuse with the overwriting of failed messages or duplicate events.

Vulnerability Details

In _blockingLzReceive, when nonblockingLzReceive succeeds, the nonce is utilized solely within the event log. Conversely, if it fails, the failed message is stored in failedMessages with the nonce as part of its key:

try
IL2MessageReceiver(address(this)).nonblockingLzReceive(
senderChainId_,
senderAndReceiverAddresses_,
payload_
) //@audit nonce not being used
{
emit MessageSuccess(senderChainId_, senderAndReceiverAddresses_, nonce_, payload_);
} catch (bytes memory reason_) { //@audit message can be overwrite
failedMessages[senderChainId_][senderAndReceiverAddresses_][nonce_] = keccak256(payload_);
emit MessageFailed(senderChainId_, senderAndReceiverAddresses_, nonce_, payload_, reason_);
}

No checks are performed to ensure the nonce has not been previously used.

Impact

  1. duplicate MessageSuccess and MessageFailed with same nonce can be emitted

  2. failedMessage can be overwrite since nonce can be reused

Tools Used

Manual

Recommendations

It's recommended to implement nonce validation checks to prevent issues related to duplicate nonces.

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.