MorpheusAI

Foundry
22,500 USDC
Submission Details
Severity: low
Valid

`sendMintMessage` should calculate sending fees to prevent failed transactions

Summary

There is no way to prevent messages that do not pass enough native ETH for the transfer.

Vulnerability Details

When sending a message to the LayerZero endpoint, you must include enough native tokens to cover the gas for the transaction. If you don't, the transaction will fail. The `Distribution.claim()` function allows the user to pass any value; it then calls `L1Sender.sendMintMessage()`, which calls LayerZero. The user may therefore send too little, and their transaction will fail.

To find out how much you have to send, there is the `estimateFees()` function, as described here.

```solidity
function sendMintMessage(address user_, uint256 amount_, address refundTo_) external payable onlyDistribution {
    RewardTokenConfig storage config = rewardTokenConfig;

    bytes memory receiverAndSenderAddresses_ = abi.encodePacked(config.receiver, address(this));
    bytes memory payload_ = abi.encode(user_, amount_);

    ILayerZeroEndpoint(config.gateway).send{value: msg.value}(
        config.receiverChainId, // communicator LayerZero chainId
        receiverAndSenderAddresses_, // send to this address to the communicator
        payload_, // bytes payload
        payable(refundTo_), // refund address
        address(0x0), // future parameter
        bytes("") // adapterParams (see "Advanced Features")
    );
}
```

Impact

Transactions can fail.

Tools Used

Manual review

Recommendations

Use the estimateFees() endpoint

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

LayerZero Integration: `sendMintMessage` doesn't verify the `msg.value` sent by the user facilitating failed transactions.
