Closed 0xreadyplayer1 closed 4 days ago
@TRileySchwarz @zouguangxian Mentioning you guys to have a look
The target documentation for error codes can be found here
https://docs.layerzero.network/v2/developers/evm/troubleshooting/error-messages
InvalidExpiry(uint256 expiry, uint256 minExpiry)
When setting expiry time for the default library, thrown if the expiry time is set before the block timestamp.
@DanL0 Looking forward.
@0xreadyplayer1 this is an inconsistency in the docs, will update accordingly to reflect the correct in-code effects.
@St0rmBr3w but it can serve as a low severity issue because of the impact
contract fails to deliver promised returns but does not lose value
As The function reverts with this error even if expiry == block.number
which is not intended behaviour according to Docs.
So according to the rules of the bug bounty programs , it definiteky serve as a low severity issue to be paid : )
@0xreadyplayer1 you can submit the request through to Immunefi, but this is a nomenclature error in how the docs explain the correct code behaviour, rather than an actual bug report related to the nature of the code logic.
@St0rmBr3w immunefi does not have this category of bug to be submitted so i thought its better to submit here. However , i leave it on layer zero team to decide the fate of this report .
Thanks for the response
Bug Report
Note :- This is a low severity bug report due to high likelihood but low impact. i wanted to submit it through immunefi but the asset was not in-scope . Additionally i was not able to disclose using some security team email of LZ because it does not exist.
So i believe sharing this bug here is a good thing because it does not give an edge to any attacker. The layer zero labs might review the validity of the bug and decide to reward the whitehat as per their assesment.
This might not be your "Typical Critical" bug that puts funds at risk but this bug , if not mitigated can put future protocol developments and integrations at risk that assumes that code is implemented according to docs 100%.
Report
Vulnerability Details
The Layer-zero v2 docs states following about the
invalidExpiry
errorit states
This translates to
or
it means the error
InvalidExpiry(uint256 expiry, uint256 minExpiry)
should not be thrown ifhowever in the current implementation of
setDefaultReceiveLibraryTimeout
insideMessageLibManager
https://github.com/LayerZero-Labs/LayerZero-v2/blob/417cbb9eb68a4f678490d18728973c8c99f3f017/packages/layerzero-v2/evm/protocol/contracts/MessageLibManager.sol#L210
The function reverts with this error even if expiry == block.number
which is not intended behaviour according to Docs.
Impact
While it does not have direct funds loss , which is why its low severity , it can cause future protocol implementations and integrations to be at risk because they would assume that expiry can be set for current block.number , which is correct according to Documentation . However the code will revert , reverting any crucial operations of the layer zero protocol components itself or the protocols being integrated.
Recommendation
Only revert if
expiry < block.number
otherwiseupdate the documentation