The _lzReceive function is designed to handle incoming messages, crediting the recipient with the appropriate amount of tokens. However, the function lacks a mechanism to set the _message.isComposed flag to true once a message has been processed, potentially allowing a malicious user to resend the same message and claim tokens multiple times on different chains.
The _lzReceive function attempts to prevent message replay by checking if the _message.isComposed flag is set. If the flag is set to true, the function reverts the transaction with CannotCompose(). However, the function lacks a mechanism to set the _message.isComposed flag to true upon initial message processing. This oversight allows a malicious user to replay the same message and claim multiple tokens across different chains.
This vulnerability allows a malicious user to replay the same message across multiple chains, claiming tokens multiple times.
Manual
To mitigate this vulnerability, the _lzReceive function must correctly set the _message.isComposed flag to true after processing the message. This ensures that the same message cannot be replayed.
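The following Solidity contract is an added illustration of the fix described above; it is not code from the audited project. Because a flag carried inside the message bytes (such as _message.isComposed) exists only in calldata for the duration of one call, the example persists the "already processed" state in contract storage keyed by the delivery's unique message id, which is the assumption that makes the recommendation enforceable. The contract name, the `processed` mapping, the `Message` layout, `_credit`, and the `receiveForTest` entry point are all assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Illustrative receiver (not the audited project's code). The names
/// ReplaySafeReceiver, processed, Message, _credit and receiveForTest
/// are assumptions made for this example.
contract ReplaySafeReceiver {
    error CannotCompose();
    error AlreadyProcessed(bytes32 guid);

    /// Per-message marker kept in contract storage. A flag inside the
    /// message bytes (like isComposed) lives only in calldata, so it
    /// cannot by itself remember that a message was already handled.
    mapping(bytes32 => bool) public processed;

    /// Token balance credited to recipients (simplified accounting).
    mapping(address => uint256) public balanceOf;

    event Credited(bytes32 indexed guid, address indexed to, uint256 amount);

    /// Minimal message layout assumed for the example.
    struct Message {
        address to;
        uint256 amount;
        bool isComposed;
    }

    /// guid is the unique identifier the messaging layer assigns to a
    /// single delivery; identical bytes re-delivered carry the same guid.
    function _lzReceive(bytes32 guid, bytes calldata rawMessage) internal {
        Message memory m = abi.decode(rawMessage, (Message));

        // The check the finding describes: composed messages are rejected.
        if (m.isComposed) revert CannotCompose();

        // The missing step: record the message as handled before crediting,
        // so a replay of the same delivery reverts instead of paying again.
        if (processed[guid]) revert AlreadyProcessed(guid);
        processed[guid] = true;

        _credit(m.to, m.amount);
        emit Credited(guid, m.to, m.amount);
    }

    function _credit(address to, uint256 amount) internal {
        balanceOf[to] += amount;
    }

    /// Test-only entry point so the internal handler can be exercised.
    function receiveForTest(bytes32 guid, bytes calldata rawMessage) external {
        _lzReceive(guid, rawMessage);
    }
}
```

In a unit test, encode one `Message` with `abi.encode`, deliver it through `receiveForTest` with a fixed guid, and deliver the identical bytes and guid a second time: the first call credits the recipient once, and the second reverts with `AlreadyProcessed`. Writing the marker before the credit (checks-effects-interactions order) also keeps the guard effective if `_credit` is later replaced by an external token call.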