Summary

The cancelRequest function in the contract allows the cancellation of any request without verifying the caller's authority or ownership of the request. This could lead to unauthorized request cancellations.

Vulnerability Details

The cancelRequest function takes a payload and a nonce as input parameters and proceeds to cancel the corresponding L1 to L2 message. However, the function does not verify whether the caller has the authority to cancel the request or whether they own the request. This lack of validation allows any user to potentially cancel any request, which could be exploited by attackers to disrupt or sabotage legitimate transactions.

• Lack of Ownership Check: The function does not verify if the caller is the owner of the request they are attempting to cancel.

• No Permission Validation: There is no check to ensure that the caller has the necessary permissions to cancel the request, making the function vulnerable to unauthorized use.

Impact

• Unauthorized Cancellations: Malicious users could cancel legitimate requests initiated by others, leading to disruptions in token transfers or other operations.

• Denial of Service: An attacker could repeatedly cancel requests, causing a denial of service (DoS) for users trying to complete their transactions.

• Loss of Funds or Tokens: If requests related to token transfers are canceled improperly, it could result in loss or unavailability of funds or tokens for legitimate users.

Tools Used

VsCode

Recommendations

• Implement Ownership Checks: Ensure that the cancelRequest function verifies that the caller is the owner of the request or has the necessary permissions to cancel it.

• Add Permission Validation: Introduce checks to ensure that only authorized entities (such as the original request initiator or a contract owner) can cancel requests.

• Log and Monitor Cancellations: Implement logging and monitoring for all cancellation actions to detect and respond to any unauthorized cancellation attempts promptly.