Open hats-bug-reporter[bot] opened 8 months ago
Sorry, I don't understand the issue.
Why should a message length of 0 not be allow? What if you just wanted to invoke a function on another contract? (or collect a piece of information of another chain to be sent back on ack?).
This will prevent spam messages in general.
Also, if you wanted to invoke a function on another contract or collect a piece of information, the calldata of the transaction should be used.
How does it prevent spam messages and who classifies which messages are spam?
I believe that the messages submitted should actually contain value. If you don't feel the same way, that's fine.
Github username: @Lightoasis Twitter username: -- Submission hash (on-chain): 0x4db207640153cc1503b71d4356ffd08ae1d098f8338119b046bc93b854bcb89e Severity: low
Description: Description\ This bug is caused by a lack of validation in function submitMessage to verify that the message.length of the submitted message is not 0 before accepting the message's submission and processing it. This allows empty and invalid messages to be submitted and processed as valid messages,
Attachments
Add this test to roundtrips.t.sol and run forge test.
Runnable file attached below.
Fix\ Verify that the message.length != 0 before accepting the message's submission and proccessing it.
Files: