Liquid Staking
Stakelink
DeFiHardhatOracle
50,000 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

contracts/core/test/chainlink/CCIPOnRampMock.sol

kp8877

Let's analyze the provided Solidity smart contract code for potential vulnerabilities and issues:

1. Out of Bounds Access

Issue: The functions getLastRequestMessage and getLastRequestData do not check if the requestMessages and requestData arrays are empty before accessing their last element. If these arrays are empty, accessing the last element will lead to an out-of-bounds error, which can result in a revert.

Mitigation: Add checks to ensure the arrays are not empty before accessing their last element.

function getLastRequestMessage() external view returns (Client.EVM2AnyMessage memory) {
require(requestMessages.length > 0, "No request messages available");
return requestMessages[requestMessages.length - 1];
}
function getLastRequestData() external view returns (RequestData memory) {
require(requestData.length > 0, "No request data available");
return requestData[requestData.length - 1];
}

2. Potential Reentrancy Vulnerability

Issue: The forwardFromRouter function is modifying state by pushing data to the requestMessages and requestData arrays, but it does not call any external contracts. Therefore, while this function itself isn't directly vulnerable to reentrancy, if other functions call forwardFromRouter and make external calls afterward, there could be a reentrancy risk.

Mitigation: If the contract eventually incorporates external calls, consider using the Checks-Effects-Interactions pattern.

3. No Access Control on Sensitive Functions

Issue: The setTokenPool function does not include any access control. This means that anyone can call this function and change the token pool mappings, which could be a significant security risk.

Mitigation: Implement proper access control using modifiers like onlyOwner or a role-based access control pattern.

import "@openzeppelin/contracts/access/Ownable.sol";
contract CCIPOnRampMock is Ownable {
// existing code...
function setTokenPool(address _token, address _pool) external onlyOwner {
tokenPools[_token] = _pool;
}
}

4. Uninitialized State Variables

Issue: The state variables such as linkToken, tokenPools, requestMessages, and requestData are public and can be accessed externally. If they are not initialized properly, they might contain unexpected values, which could lead to confusion.

Mitigation: Ensure that the constructor properly initializes all state variables.

5. Gas Limit and Arrays Growth

Issue: Both requestMessages and requestData arrays grow unbounded, which can lead to potential gas limit issues if a large number of requests are processed. When the arrays grow significantly large, it may consume excessive gas when accessing them.

Mitigation: Consider using a circular buffer or a capped array to limit the number of stored requests.

6. Improper Use of block.timestamp

Issue: Using block.timestamp in keccak256(abi.encode(block.timestamp)) is not recommended for generating unique identifiers as it can be manipulated by miners. It is better to use nonces or another reliable identifier.

Mitigation: Consider using a counter or an incrementing nonce for generating unique identifiers.

Conclusion

While the contract provides a basic structure for the CCIP OnRamp mock, it requires some adjustments for security and reliability, particularly around bounds checking, access control, and gas consumption. Implementing these changes can help ensure the contract is more secure and behaves as intended in a production environment.

Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Lack of quality

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.