TempleGold

TempleDAO
Foundry
25,000 USDC
Submission Details
Severity: low
Valid

Inconsistent Gas Fee Estimation and Parameter Matching for Cross-Chain Transactions

Summary

The TempleGold contract includes functions for estimating and sending cross-chain messages using the LayerZero protocol. These functions involve calculating the gas fees required for cross-chain transactions. The accuracy of these calculations and the consistency of parameters passed between functions are crucial for the successful execution of transactions. This report identifies two issues within this process: inaccurate gas fee estimation and parameter mismatches, both of which can lead to transaction failures and unexpected costs.

Vulnerability Details

As per LayerZero's detailed integration checklist:

The quote function is responsible for estimating the gas fees required for cross-chain transactions. If it does not provide an accurate estimate, users may encounter transaction failures or incur higher costs than expected. The fee estimate should be accurate and up-to-date with current gas prices to ensure smooth operation.

The parameters passed to the quote function must also exactly match those used in the _lzSend function. Any mismatch causes a discrepancy between the estimated and actual gas fees, leading to transaction failures. Keeping the parameters used for fee estimation and for message sending consistent is critical for successful cross-chain communication.

Here is the quote function:

```solidity
function quote(
    uint32 _dstEid,
    bytes memory _message,
    bytes memory _options
) external view returns (MessagingFee memory fee) {
    return _quote(_dstEid, _message, _options, false);
}

function quote(
    uint32 _dstEid,
    address _to,
    uint256 _amount,
    bytes memory _options
) external view returns (MessagingFee memory fee) {
    return _quote(_dstEid, abi.encodePacked(_to, _amount), _options, false);
}

function _quote(
    uint32 _dstEid,
    bytes memory _message,
    bytes memory _options,
    bool _payInLzToken
) internal view virtual returns (MessagingFee memory fee) {
    return
        endpoint.quote(
            MessagingParams(_dstEid, _getPeerOrRevert(_dstEid), _message, _options, _payInLzToken),
            address(this)
        );
}
```

Parameter Mismatch Between quote and _lzSend

```solidity
function send(
    SendParam calldata _sendParam,
    MessagingFee calldata _fee,
    address _refundAddress
) external payable virtual override(IOFT, OFTCore) returns (MessagingReceipt memory msgReceipt, OFTReceipt memory oftReceipt) {
    if (_sendParam.composeMsg.length > 0) { revert CannotCompose(); }
    /// cast bytes32 to address
    address _to = _sendParam.to.bytes32ToAddress();
    /// @dev user can cross-chain transfer to self
    if (msg.sender != _to) { revert ITempleGold.NonTransferrable(msg.sender, _to); }
    // @dev Applies the token transfers regarding this send() operation.
    // - amountSentLD is the amount in local decimals that was ACTUALLY sent/debited from the sender.
    // - amountReceivedLD is the amount in local decimals that will be received/credited to the recipient on the remote OFT instance.
    (uint256 amountSentLD, uint256 amountReceivedLD) = _debit(
        msg.sender,
        _sendParam.amountLD,
        _sendParam.minAmountLD,
        _sendParam.dstEid
    );
    // @dev Builds the options and OFT message to quote in the endpoint.
    (bytes memory message, bytes memory options) = _buildMsgAndOptions(_sendParam, amountReceivedLD);
    // @dev Sends the message to the LayerZero endpoint and returns the LayerZero msg receipt.
    msgReceipt = _lzSend(_sendParam.dstEid, message, options, _fee, _refundAddress);
    // @dev Formulate the OFT receipt.
    oftReceipt = OFTReceipt(amountSentLD, amountReceivedLD);
    emit OFTSent(msgReceipt.guid, _sendParam.dstEid, msg.sender, amountSentLD, amountReceivedLD);
}
```

A probable scenario:

  • Alice wants to send tokens cross-chain using the TempleGold contract.

  • She calls the quote function to get an estimate of the gas fees required.

  • The quote function returns an underestimated fee due to outdated gas price information.

  • Alice proceeds with the transaction by calling the send function with the estimated fee.

  • The actual gas fee required is higher than the estimated fee, causing the transaction to fail.
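The payload mismatch behind this finding can be shown concretely. The example below is added here and is not TempleGold or LayerZero code: it models the two `abi.encodePacked` forms, the `(address, uint256)` payload that `quote()` builds versus a `(bytes32, uint256)` payload in which the recipient is left-padded to 32 bytes (assumed here to be the shape the send path produces, as the judge's tag on this finding indicates), and provides a pre-flight check that a quoted payload is byte-identical to the one actually sent. The address and amount are constructed sample values.

```python
# Added example, not from the TempleGold code base. Models the quote()/send payload
# mismatch: quote() packs a 20-byte address, while the send path (assumed, per the
# judge's note) packs the recipient as bytes32. Different bytes -> different quoted fee.

def address_to_bytes32(addr: str) -> bytes:
    """Left-pad a 20-byte EVM address to 32 bytes (the bytes32 recipient form)."""
    raw = bytes.fromhex(addr.removeprefix("0x"))
    if len(raw) != 20:
        raise ValueError("address must be 20 bytes")
    return raw.rjust(32, b"\x00")

def encode_packed_address_amount(addr: str, amount: int) -> bytes:
    """abi.encodePacked(address, uint256): 20 + 32 = 52 bytes (what quote() builds)."""
    return bytes.fromhex(addr.removeprefix("0x")) + amount.to_bytes(32, "big")

def encode_packed_bytes32_amount(addr: str, amount: int) -> bytes:
    """abi.encodePacked(bytes32, uint256): 32 + 32 = 64 bytes (assumed send payload)."""
    return address_to_bytes32(addr) + amount.to_bytes(32, "big")

def first_mismatch(quoted: bytes, sent: bytes):
    """Return (len_quoted, len_sent, first_differing_offset) or None if identical.

    Used as a pre-flight check: the bytes handed to quote() must equal the bytes
    handed to _lzSend(), otherwise the quoted MessagingFee is not for the real message."""
    if quoted == sent:
        return None
    for i, (a, b) in enumerate(zip(quoted, sent)):
        if a != b:
            return (len(quoted), len(sent), i)
    return (len(quoted), len(sent), min(len(quoted), len(sent)))

# Constructed sample inputs (not real on-chain values).
SAMPLE_TO = "0x" + "11" * 20
SAMPLE_AMOUNT = 1_000 * 10**18

if __name__ == "__main__":
    quoted = encode_packed_address_amount(SAMPLE_TO, SAMPLE_AMOUNT)
    sent = encode_packed_bytes32_amount(SAMPLE_TO, SAMPLE_AMOUNT)
    # Prints (52, 64, 0): the payloads differ from the very first byte and in length.
    print(first_mismatch(quoted, sent))
    # The corrected quote() path (recipient padded to bytes32) matches the send payload.
    print(first_mismatch(sent, encode_packed_bytes32_amount(SAMPLE_TO, SAMPLE_AMOUNT)))
```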

Impact

Users may experience failed transactions if the gas fee is underestimated or parameters do not match. Users may also incur higher fees if the gas fee estimation is inaccurate.

Tools Used

Manual Review

Recommendations

Ensure Accurate Gas Fee Estimation:

  • Implement rigorous testing and validation of the quote function to ensure it accurately estimates the required gas fees.

  • Update the gas fee estimation logic to consider real-time gas prices.

Enforce Parameter Matching:

  • Implement checks to ensure that the parameters passed to the quote function match those used in the _lzSend function.

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Incorrect payload bytes in `quote()` they use `abi.encodePacked(_to, _amount)` instead of `abi.encodePacked(_to.addressToBytes32(), _amount)`
