First Flight #12: Kitty Connect
First Flight #12: Kitty Connect
Beginner FriendlyFoundryNFTGameFi
100 EXP
View results
Previous Next
Submission Details
Severity: high
Valid

'KittyBridge.sol::_ccipReceive' Does not correctly receive the any2EvmMessage.sender

coffee

Summary

In the 'KittyBridge.sol::_ccipReceive' function, the incoming any2EvmMessage.sender will not be received correctly.

Vulnerability Details

As per the Chainlink CCIP documentation, the sender address is in bytes format and will need to be decoded from bytes to an Ethereum address. Therefore, it will need to be abi.decoded from the incoming any2EvmMessage.

Below is the missing line as per the CCIP documentation

onlyAllowlisted(
any2EvmMessage.sourceChainSelector,
@> abi.decode(any2EvmMessage.sender, (address))

Impact

The 'KittyBridge.sol::_ccipReceive' function does not correctly receive the any2EvmMessage.sender. This could cause a failure of reading the address and confirming that it is an allowed address, thus reverting the call.

function _ccipReceive(Client.Any2EVMMessage memory any2EvmMessage)
internal
override
onlyAllowlisted(any2EvmMessage.sourceChainSelector,
@> msg.sender)
{

Tools Used

--Foundry

Recommendations

It is recommended to change the below line to properly receive the senders address.

function _ccipReceive(Client.Any2EVMMessage memory any2EvmMessage)
internal
override
onlyAllowlisted(any2EvmMessage.sourceChainSelector,
- msg.sender)
+ abi.decode(any2EvmMessage.sender, (address))
{
Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

`onlyAllowlisted` modifier is not properly implemented in case of _ccipReceive

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.