Closed chasebrownn closed 6 months ago
The RealReceiver::_nonblockingLzReceive function will not validate that the packet type is valid as it contains a default case.
RealReceiver::_nonblockingLzReceive
Any malformation of the input payload will be accepted as valid regardless of its packet type.
payload
function _nonblockingLzReceive( uint16 /** srcChainId */, bytes memory /** srcAddress */, uint64 /** nonce */, bytes memory payload ) internal virtual override { uint16 packetType; assembly { packetType := mload(add(payload, 32)) } if (packetType == SEND_NFT) _migrateNFT(payload); else if (packetType == SEND_NFT_BATCH) _migrateNFTBatch(payload); else _migrateTokens(payload); }
We advise the default cause to ensure that the packetType value is SEND, preventing malformed payloads from being processed incorrectly by the contract.
packetType
SEND
Resolved
chasebrownn
commented
6 months ago
RRR-02M: Inexistent Validation of Packet Type
Description:
The
RealReceiver::_nonblockingLzReceivefunction will not validate that the packet type is valid as it contains a default case.Impact:
Any malformation of the input
payloadwill be accepted as valid regardless of its packet type.Example:
Recommendation:
We advise the default cause to ensure that the
packetTypevalue isSEND, preventing malformed payloads from being processed incorrectly by the contract.