Anyone can cancel the request of another user using the nonce and the payload.
Using the vm.startPrank() with bob allow us to cancel alice's request.
Cancel of the requests makes the service unusable for the affected user. We could imagine an automated way of exploiting this to prevent a selected user to initiate requests.
Manual review; Foundry tests.
Check the sender of the transaction is indeed matching the address of the user targeted by the cancellation.
The process to cancel a message is detailed here: https://docs.starknet.io/architecture-and-concepts/network-architecture/messaging-mechanism/#l2-l1_message_cancellation Since `startRequestCancellation` has the `onlyOwner`, only the owner can begin that process.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.