Submission Details
Severity:
`quote` function doesn't follow specification of `LayerZero`, can break cross chain functionality
Summary
quote function doesn't follow specification of LayerZero
Vulnerability Details
LayerZero's specification of quote function
/* @dev Quotes the gas needed to pay for the full omnichain transaction.
* @return nativeFee Estimated gas fee in native gas.
* @return lzTokenFee Estimated gas fee in ZRO token.
*/
function quote(
uint32 _dstEid, // Destination chain's endpoint ID.
string memory _message, // The message to send.
bytes calldata _options, // Message execution options
bool _payInLzToken // boolean for which token to return fee in
) public view returns (uint256 nativeFee, uint256 lzTokenFee) {
bytes memory _payload = abi.encode(_message);
MessagingFee memory fee = _quote(_dstEid, _payload, _options, _payInLzToken);
return (fee.nativeFee, fee.lzTokenFee);
}
But the implementation in the TempleTeleporter.sol is shown below
function quote(
uint32 _dstEid,
bytes memory _message,
bytes memory _options
) external view returns (MessagingFee memory fee) {
return _quote(_dstEid, _message, _options, false);
}
function quote(
uint32 _dstEid,
address _to,
uint256 _amount,
bytes memory _options
) external view returns (MessagingFee memory fee) {
return _quote(_dstEid, abi.encodePacked(_to, _amount), _options, false);
}
Which is different from the recommended specification
Impact
Not following LayerZero specification for quote can lead to break cross chain functionality.
Tools Used
Manual review
Recommendations
Follow the specifications for the quote function as suggested by Layer Zero.
Prize pool breakdown
Total prize
25,000 USDC
nSLOC
99825 USDC / LOC
20,000 USDC
2,500 USDC
2,500 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.