There is an incorrect payload length check in the depositTokens() function.
The MAX_PAYLOAD_LENGTH is 300.
However, in the depositTokens function of the bridge contract, there is an incorrect check for the maximum payload length. The current implementation reverts the transaction if the payload length is greater than or equal to MAX_PAYLOAD_LENGTH, when it should only revert if the length is strictly greater than MAX_PAYLOAD_LENGTH.
The issue stems from the use of the greater than or equal to operator (>=) instead of the strictly greater than operator (>) in the payload length check. This check incorrectly includes the case where payload.length is exactly equal to MAX_PAYLOAD_LENGTH, which should be a valid case.
Valid transactions with a payload length exactly equal to MAX_PAYLOAD_LENGTH are incorrectly rejected. This reduces the maximum number of tokens that can be deposited in a single transaction by one.
Manual review
Modify the payload length check to use the strictly greater than operator:
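The two comparisons side by side, with a probe contract that exercises each at lengths around the limit. This is an added example, not the bridge contract's own code: only MAX_PAYLOAD_LENGTH (300) and the >= versus > comparison come from the finding, while the contract, error and function names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustration only: names other than MAX_PAYLOAD_LENGTH are hypothetical.
contract PayloadLengthCheck {
    uint256 public constant MAX_PAYLOAD_LENGTH = 300; // value stated in the finding

    error PayloadTooLong(uint256 length, uint256 max);

    // Check as the finding describes it: reverts when length >= MAX_PAYLOAD_LENGTH.
    function checkAsReported(bytes calldata payload) external pure {
        if (payload.length >= MAX_PAYLOAD_LENGTH) {
            revert PayloadTooLong(payload.length, MAX_PAYLOAD_LENGTH);
        }
    }

    // Recommended check: reverts only when length > MAX_PAYLOAD_LENGTH.
    function checkFixed(bytes calldata payload) external pure {
        if (payload.length > MAX_PAYLOAD_LENGTH) {
            revert PayloadTooLong(payload.length, MAX_PAYLOAD_LENGTH);
        }
    }
}

// Boundary probe: call probe(299), probe(300) and probe(301) and compare
// which of the two checks accepts each length.
contract BoundaryProbe {
    PayloadLengthCheck private immutable target;

    constructor() {
        target = new PayloadLengthCheck();
    }

    // Builds a zero-filled payload of `len` bytes (constructed input) and
    // reports whether each check accepted it without reverting.
    function probe(uint256 len)
        external
        view
        returns (bool acceptedAsReported, bool acceptedFixed)
    {
        bytes memory payload = new bytes(len);
        try target.checkAsReported(payload) { acceptedAsReported = true; } catch {}
        try target.checkFixed(payload) { acceptedFixed = true; } catch {}
    }
}
```

The two checks disagree only at a length of exactly MAX_PAYLOAD_LENGTH, which is the single case the finding is about.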
Please, do not suppose impacts, think about the real impact of the bug and check the CodeHawks documentation to confirm: https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity A PoC always helps to understand the real impact possible.