MorpheusAI

Foundry
22,500 USDC
Submission Details
Severity: low
Valid

`sendMintMessage` does not check if msg.value is enough to cover the cost

Summary

A user can call `Distribution::claim`, which calls `L1Sender::sendMintMessage` with a `msg.value`.
The `msg.value` is used to cover the cost of the transaction.

This function can fail if `msg.value` is not enough.

Vulnerability Details

When sending a message to the LayerZero Endpoint, the user has to include enough gas for the transaction. If enough gas is not included, the transaction will fail.
Any `msg.value` can be passed into the function by the user.

LayerZero documents fee estimation here:
https://layerzero.gitbook.io/docs/evm-guides/contract-standards/estimating-message-fees

The LayerZero Endpoint exposes `estimateFees`, which returns a tuple containing the cross-chain message fee.

Impact

User transactions will revert if the `msg.value` passed is not enough to cover the fees. Since this is cross-chain, it might produce unexpected results while sending the message.

The message will not be forwarded if `msg.value` is not enough, due to insufficient checks on `msg.value`.

Tools Used

Manual Review, Solodit

Recommendations

Use the `estimateFees()` endpoint to calculate the fees, then check the result against the user-provided `msg.value` to make sure it is enough for the message to be sent.
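
A sketch of that check against the LayerZero v1 endpoint interface, added here as an example and not taken from the MorpheusAI code base. The contract name `FeeCheckedSender`, its storage layout, the `InsufficientFee` error and the `sendMintMessage` parameter list are assumptions, and the caller restriction a real sender would need is omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Subset of the LayerZero v1 endpoint interface used by this example.
interface ILayerZeroEndpoint {
    function estimateFees(
        uint16 _dstChainId,
        address _userApplication,
        bytes calldata _payload,
        bool _payInZRO,
        bytes calldata _adapterParam
    ) external view returns (uint256 nativeFee, uint256 zroFee);

    function send(
        uint16 _dstChainId,
        bytes calldata _destination,
        bytes calldata _payload,
        address payable _refundAddress,
        address _zroPaymentAddress,
        bytes calldata _adapterParams
    ) external payable;
}

// Hypothetical sender contract (assumption): not the project's L1Sender.
contract FeeCheckedSender {
    error InsufficientFee(uint256 required, uint256 provided);

    ILayerZeroEndpoint public immutable endpoint;
    uint16 public immutable dstChainId;
    address public immutable receiver;

    constructor(address endpoint_, uint16 dstChainId_, address receiver_) {
        endpoint = ILayerZeroEndpoint(endpoint_);
        dstChainId = dstChainId_;
        receiver = receiver_;
    }

    function sendMintMessage(address user_, uint256 amount_, address refundTo_) external payable {
        bytes memory payload_ = abi.encode(user_, amount_);
        // Quote the native fee for exactly this payload with default adapter params.
        (uint256 nativeFee_, ) = endpoint.estimateFees(dstChainId, address(this), payload_, false, bytes(""));
        // Fail early with the required amount instead of an opaque endpoint revert.
        if (msg.value < nativeFee_) revert InsufficientFee(nativeFee_, msg.value);
        // LayerZero v1 path encoding: remote address followed by local address.
        bytes memory path_ = abi.encodePacked(receiver, address(this));
        // Any excess over the fee is refunded by the endpoint to refundTo_.
        endpoint.send{value: msg.value}(dstChainId, path_, payload_, payable(refundTo_), address(0), bytes(""));
    }
}
```

The quote and the send must use the same payload and adapter parameters, otherwise the estimate does not match what the endpoint charges.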

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

LayerZero Integration: `sendMintMessage` doesn't verify the `msg.value` sent by the user facilitating failed transactions.
