TempleGold
TempleDAO
Foundry
25,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Hardcoded payZRO in quote

0xtheblackpanther

GitHub

https://github.com/Cyfrin/2024-07-templegold/blob/6c3980a0486c01114d0ef1281df188b6c01991e6/protocol/contracts/templegold/TempleTeleporter.sol#L69-L94

Summary

The quote functions currently hardcode the _payInLzToken parameter to false. This hardcoding limits the protocol's ability to adopt the ZRO token as a future fee payment method, which may be crucial considering the potential launch of ZRO in the upcoming year. According to the LayerZero integration checklist, _payInZRO must not be hardcoded and should be passed as a parameter instead. Making _payInZRO an input parameter will allow flexibility for future fee payments using ZRO.

Impact

By hardcoding _payInLzToken to false, the protocol restricts its ability to adapt to future changes in fee payment methods, specifically the adoption of the ZRO token. This limitation can lead to integration issues and restrict the protocol's flexibility in handling fees.

Recommendation

Pass the _payInZRO field as an input parameter to the quote functions to allow flexibility in future fee payments using ZRO. This change will ensure that the protocol can seamlessly accommodate ZRO as a fee payment method when it is launched.

Update the quote functions to include _payInZRO as an input parameter:

/**
* @dev External function to interact with the LayerZero EndpointV2.quote() for fee calculation.
* @param _dstEid The destination endpoint ID.
* @param _message The message payload.
* @param _options Additional options for the message.
* @param _payInZRO Boolean indicating whether to pay the fee in ZRO tokens.
* @return fee The calculated MessagingFee for the message.
* - nativeFee: The native fee for the message.
* - lzTokenFee: The LZ token fee for the message.
*/
function quote(
uint32 _dstEid,
bytes memory _message,
bytes memory _options,
bool _payInZRO
) external view returns (MessagingFee memory fee) {
return _quote(_dstEid, _message, _options, _payInZRO);
}
/**
* @dev External function to interact with the LayerZero EndpointV2.quote() for fee calculation.
* @param _dstEid The destination endpoint ID.
* @param _to Recipient
* @param _amount Amount to send
* @param _options Additional options for the message.
* @param _payInZRO Boolean indicating whether to pay the fee in ZRO tokens.
* @return fee The calculated MessagingFee for the message.
* - nativeFee: The native fee for the message.
* - lzTokenFee: The LZ token fee for the message.
*/
function quote(
uint32 _dstEid,
address _to,
uint256 _amount,
bytes memory _options,
bool _payInZRO
) external view returns (MessagingFee memory fee) {
return _quote(_dstEid, abi.encodePacked(_to, _amount), _options, _payInZRO);
}
Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
0xtheblackpanther Submitter
11 months ago

Appeal created

inallhonesty Lead Judge
11 months ago
inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Design choice

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.