gas is hardcoded whenever bridging humanityID

[hats-bug-reporter[bot]]

Github username: -- Twitter username: -- Submission hash (on-chain): 0x4d835923fc1b6b76758560adc8c3084937b23bc11ca5a98d9eabcaea7c114459 Severity: low

Description:

Description

whenever transferHumanity is called sendMessage is also invoked:

    function transferHumanity(address _bridgeGateway) external allowedGateway(_bridgeGateway) {
        // Function will require humanity to be claimed by sender, have no pending requests and human not vouching for others at the time
        (bytes20 humanityId, uint40 expirationTime) = proofOfHumanity.ccDischargeHumanity(msg.sender);
 //..Omitted code

=>        IBridgeGateway(_bridgeGateway).sendMessage(
            abi.encodeWithSelector(
                ICrossChainProofOfHumanity.receiveTransfer.selector,
                msg.sender,
                humanityId,
                expirationTime,
                tHash
            )
        );

Inside sendMessage the gas limit is hardcoded to amb.maxGasPerTx:

function sendMessage(bytes memory _data) external override {
        require(msg.sender == homeProxy, "!homeProxy");
        amb.requireToPassMessage(foreignGateway, abi.encodeCall(this.receiveMessage, (_data)), => amb.maxGasPerTx());
    }

This means that the same gas limit is applied for every bridge to a particular chain. When the network becomes congested and demands a higher gas limit for transactions to succeed, this can cause inconsistencies.

Since users cannot set their own gas limit, this may result in stuck bridging during periods of high network congestion.

Recommendation

we recommend an optional paramater that allows users to specify their gasLimit

[clesaege]

I think you are confusing gas limit and gas price. Here it's hardcoded to the maximum gas limit, therefore it is not possible to choose a greater gas limit anyways.