Summary

TempleGold overriden _lzReceive function in TempleGold.sol contract reverts if following condition is met:

/// @dev Disallow further execution on destination by ignoring composed message
if (_message.isComposed()) { revert CannotCompose(); }

This case should NOT be handled by a revert of the entire transaction but by merely ignoring the execution of the composed message as is written in the comment above the if statement: ...by ignoring composed message

Vulnerability Details

LayerZero integration does not require the functions to revert when you want to ignore further execution. You can simply not address it in code by not handling the case in which there IS a composed message.

Impact

Unexpected transaction reverts for users that want to compose a message on the destination chain.

We are aware that this vulnerability was put in the last audit, but we feel it has not been properly resolved.

Tools Used

Manual review

Recommendations

Remove the line composed message check from send() and _lzReceive() or write the following:

if (_message.isComposed()) { // do nothing }

OR - ignore the composed message alltogether - both in send() and _lzReceive().