NFTBridge
60,000 USDC
Submission Details
Severity: low
Invalid

`setMessageCancellationDelay` and `addMessageHashesFromL2` can be exploited by malicious users

Summary

The StarknetMessagingLocal contract inherits from StarknetMessaging and includes functions such as setMessageCancellationDelay and addMessageHashesFromL2 that lack proper access controls. These functions allow changes to the cancellation delay and the addition of L2 message hashes, which can be exploited if deployed in a production environment.

Note: I am aware that StarknetMessagingLocal is OOS, but the functions in here impact the main protocol functionality, so that's why I'm reporting it.

Impact

If the StarknetMessagingLocal contract is deployed in a live environment, a malicious actor could exploit the lack of access controls to manipulate critical aspects of the messaging system:

  • Infinite Cancellation Delay: By setting the cancellation delay to an infinite value, the attacker could effectively disable the cancellation feature, leading to potential denial of service and financial losses.

  • Message Hash Flooding: An attacker could flood the system with arbitrary message hashes using the addMessageHashesFromL2 function, overwhelming the L2 system and potentially causing disruptions in the message processing pipeline.

These vulnerabilities could undermine the integrity and reliability of the Starknet messaging protocol.

Recommendation

  1. Implement Access Controls: Restrict access to the setMessageCancellationDelay and addMessageHashesFromL2 functions to only authorized users or roles, such as administrators or contract owners.

  2. Use Conditional Compilation for Testing Functions: Limit the availability of these functions to testing environments only. This can be achieved through conditional compilation or by deploying separate contracts for testing and production environments.
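As an added illustration of the first recommendation (this is example code, not the Starknet contracts: the base contract, storage layout and function bodies are simplified assumptions), the unrestricted test-helper functions beside an admin-gated variant that also caps the delay the report warns could be set to an effectively infinite value:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Simplified stand-in for StarknetMessaging (assumption, not the real contract).
abstract contract StarknetMessagingStub {
    uint256 internal messageCancellationDelay;
    mapping(bytes32 => uint256) internal l2ToL1Messages;
}

// Pattern described in the report: test-only setters with no access control.
// Deployed to a live network, any account could call both functions.
contract StarknetMessagingLocalUnrestricted is StarknetMessagingStub {
    function setMessageCancellationDelay(uint256 delayInSeconds) external {
        messageCancellationDelay = delayInSeconds;
    }

    function addMessageHashesFromL2(uint256[] calldata msgHashes) external {
        for (uint256 i = 0; i < msgHashes.length; i++) {
            l2ToL1Messages[bytes32(msgHashes[i])] += 1;
        }
    }
}

// Hardened variant: same helpers, restricted to a deployer-set admin,
// with an upper bound on the delay (the bound itself is an assumed value).
contract StarknetMessagingLocalRestricted is StarknetMessagingStub {
    address public immutable admin;
    uint256 public constant MAX_CANCELLATION_DELAY = 30 days;

    modifier onlyAdmin() {
        require(msg.sender == admin, "not admin");
        _;
    }

    constructor(address admin_) {
        admin = admin_;
    }

    function setMessageCancellationDelay(uint256 delayInSeconds) external onlyAdmin {
        // Rejects the "infinite delay" scenario from the Impact section.
        require(delayInSeconds <= MAX_CANCELLATION_DELAY, "delay too long");
        messageCancellationDelay = delayInSeconds;
    }

    function addMessageHashesFromL2(uint256[] calldata msgHashes) external onlyAdmin {
        for (uint256 i = 0; i < msgHashes.length; i++) {
            l2ToL1Messages[bytes32(msgHashes[i])] += 1;
        }
    }
}
```

The second recommendation (keeping the helpers out of production builds entirely) is stronger than gating them; the restricted contract above is the fallback when a local-testing contract must still be deployed.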

Updates

Lead Judging Commences

n0kto Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Out of scope
