TempleGold

TempleDAO
Foundry
25,000 USDC
Submission Details
Severity: low
Invalid

TempleGold `send` doesn't verify for fees or gas

Summary

`TempleGold::send` sends tokens across all supported chains. However, the function gives all power to the user, meaning they can choose their own fee and gas for the transfer. This will lead to most TXs being reverted.

Vulnerability Details

Users can use `send` to transfer their Temple Gold tokens across all supported chains. However, when making transfers, users are the ones who control all `_lzSend` parameters (excluding `composeMsg` and `to`, as these are verified).

https://github.com/Cyfrin/2024-07-templegold/blob/main/protocol/contracts/templegold/TempleGold.sol#L281

```solidity
function send(
    SendParam calldata _sendParam,
    MessagingFee calldata _fee,
    address _refundAddress
```

Giving users the right to choose their own fee can cause a plethora of issues, as most LZ issues come from bad gas management. With the current setup, if users do not supply enough gas, the calls will revert on the other chain and need a retry in order to be executed.

Impact

Some TX would be reverted.

Tools Used

Manual review

Recommendations

Implement a check that calls `quote` and verifies that `msg.value >= MessagingFee.nativeFee`.
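
The check recommended above, written as a Foundry test. This is an added example, not code from the submission, TempleGold or LayerZero; `MockQuoter`, `CheckedSender`, the fee constants and the `dstGas` parameter are hypothetical stand-ins for the real quote and send path.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Added illustration: stand-in types and contracts, not TempleGold or LayerZero code.
struct MessagingFee {
    uint256 nativeFee;
    uint256 lzTokenFee;
}

contract MockQuoter {
    uint256 public constant BASE_FEE = 0.001 ether; // constructed value
    uint256 public constant GAS_PRICE = 1 gwei; // constructed value

    // The quoted fee grows with the destination gas the caller requests.
    function quote(uint128 dstGas) public pure returns (MessagingFee memory) {
        return MessagingFee(BASE_FEE + uint256(dstGas) * GAS_PRICE, 0);
    }
}

contract CheckedSender is MockQuoter {
    error FeeBelowQuote(uint256 declared, uint256 quoted);
    error InsufficientNative(uint256 supplied, uint256 required);
    event Sent(uint128 dstGas, uint256 nativeFee);

    function send(uint128 dstGas, MessagingFee calldata fee) external payable {
        uint256 quoted = quote(dstGas).nativeFee;
        if (fee.nativeFee < quoted) revert FeeBelowQuote(fee.nativeFee, quoted);
        if (msg.value < fee.nativeFee) revert InsufficientNative(msg.value, fee.nativeFee);
        emit Sent(dstGas, fee.nativeFee); // a real contract would hand off to the messaging layer here
    }
}

contract CheckedSenderTest is Test {
    CheckedSender sender = new CheckedSender();

    function test_RevertsWhenValueBelowFee() public {
        MessagingFee memory fee = sender.quote(200_000);
        vm.expectRevert(abi.encodeWithSelector(CheckedSender.InsufficientNative.selector, fee.nativeFee - 1, fee.nativeFee));
        sender.send{value: fee.nativeFee - 1}(200_000, fee);
    }

    function test_SendsWhenValueCoversQuote() public {
        MessagingFee memory fee = sender.quote(200_000);
        sender.send{value: fee.nativeFee}(200_000, fee);
        assertEq(address(sender).balance, fee.nativeFee);
    }
}
```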

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Fee validation issue in send

Appeal created

pyro Submitter
about 1 year ago
inallhonesty Lead Judge
about 1 year ago
inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Fee validation issue in send
