MorpheusAI

Foundry
22,500 USDC
Submission Details
Severity: low
Valid

`L1Sender.sendMintMessage()` should estimate fee to prevent failed transactions

Summary

L1Sender.sendMintMessage() should estimate fee to prevent failed transactions

Vulnerability Details

The `sendMintMessage()` function is called from the Distribution contract's claim function when a user claims rewards. It sends the mint message that mints the MOR tokens on the Arbitrum L2 chain.

```solidity
function sendMintMessage(address user_, uint256 amount_, address refundTo_) external payable onlyDistribution {
    RewardTokenConfig storage config = rewardTokenConfig;

    bytes memory receiverAndSenderAddresses_ = abi.encodePacked(config.receiver, address(this));
    bytes memory payload_ = abi.encode(user_, amount_);

    ILayerZeroEndpoint(config.gateway).send{value: msg.value}(
        config.receiverChainId, // communicator LayerZero chainId
        receiverAndSenderAddresses_, // send to this address to the communicator
        payload_, // bytes payload
        payable(refundTo_), // refund address
        address(0x0), // future parameter
        bytes("") // adapterParams (see "Advanced Features")
    );
}
```

However, the transaction can fail due to insufficient gas. When sending a mint message to the LayerZero endpoint, a value is included which is PRESUMED to be enough gas for the transaction to succeed. If enough tokens for the gas are not included when sending the mint message, the transaction will always fail.

The contract allows the user to pass any value they want, which might result in them not sending enough. Their transaction will then fail.

LayerZero specifically documents estimateFees(), which is described at the link below:

https://layerzero.gitbook.io/docs/evm-guides/contract-standards/estimating-message-fees

estimateFees() should be used to determine the fee to send so that the transaction will not revert.

The estimateFees() function returns a dynamic fee based on Oracle and Relayer prices for the destination chainId, your UserApplication contract, and payload parameters.

The transaction would fail because the message would not be forwarded. Any estimate_gas will make the transaction work, but the gas payment may not be sufficient to fund the message fees.

While the LayerZero docs do not enforce the use of a gas estimate, we recommend using the estimateFees() endpoint so that the transaction message does not fail.

If the sponsor does not want to make this change, we think the issue should be acknowledged and this information made available to users. This information should also be included in the docs pertaining to LayerZeroEndpoint's send and estimateFees() functions.

Impact

When sending the mint message to LayerZero, the transaction will fail if not enough gas is provided. The estimateFees() endpoint should be used in the function to mitigate this.

Tools Used

Manual review

Recommendations

Use the estimateFees() endpoint so that the transaction message does not fail.
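One way to apply this recommendation, as an added example that is not part of the submission or the project's code: the sender quotes the LayerZero v1 fee with `estimateFees()` and rejects an underfunded `msg.value` before calling `send()`. The contract name `L1SenderFeeChecked`, the `quoteMintFee` helper, the `InsufficientFee` error, the config field types and the `onlyDistribution` body are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal subset of the LayerZero v1 endpoint interface used below.
interface ILayerZeroEndpoint {
    function send(uint16 dstChainId, bytes calldata destination, bytes calldata payload,
        address payable refundAddress, address zroPaymentAddress, bytes calldata adapterParams) external payable;
    function estimateFees(uint16 dstChainId, address userApplication, bytes calldata payload,
        bool payInZRO, bytes calldata adapterParams) external view returns (uint256 nativeFee, uint256 zroFee);
}

// Illustrative contract (hypothetical name); config field names follow the snippet in the finding.
contract L1SenderFeeChecked {
    struct RewardTokenConfig { address gateway; address receiver; uint16 receiverChainId; } // types assumed

    error InsufficientFee(uint256 required, uint256 provided); // hypothetical error

    RewardTokenConfig public rewardTokenConfig;
    address public distribution;

    modifier onlyDistribution() { // assumed body; the original modifier is not shown on the page
        require(msg.sender == distribution, "not distribution");
        _;
    }

    constructor(address distribution_, RewardTokenConfig memory config_) {
        distribution = distribution_;
        rewardTokenConfig = config_;
    }

    // Hypothetical view helper: lets a front end quote the native fee before the user calls claim.
    function quoteMintFee(address user_, uint256 amount_) public view returns (uint256 nativeFee_) {
        RewardTokenConfig storage config = rewardTokenConfig;
        (nativeFee_, ) = ILayerZeroEndpoint(config.gateway).estimateFees(
            config.receiverChainId, address(this), abi.encode(user_, amount_), false, bytes(""));
    }

    function sendMintMessage(address user_, uint256 amount_, address refundTo_) external payable onlyDistribution {
        uint256 required_ = quoteMintFee(user_, amount_);
        // Reject underpayment here, with the required amount carried in the revert data.
        if (msg.value < required_) revert InsufficientFee(required_, msg.value);

        RewardTokenConfig storage config = rewardTokenConfig;
        ILayerZeroEndpoint(config.gateway).send{value: msg.value}(
            config.receiverChainId, abi.encodePacked(config.receiver, address(this)),
            abi.encode(user_, amount_), payable(refundTo_), address(0x0), bytes(""));
    }
}
```

Any excess over the quoted fee is still forwarded to the endpoint, which returns it to `refundTo_` as in the original call.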

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

LayerZero Integration: `sendMintMessage` doesn't verify the `msg.value` sent by the user facilitating failed transactions.
