0xWallSecurity
medium
[M-2] Users can send empty messages without paying fees
Summary
Users can send empty messages through AvailBridge::sendMessage without paying fees by sending empty data and a value of 0.
Vulnerability Detail
The Avail Bridge documentation states that the value of a sendMessage transaction must be strictly > 0 (search for "The pallet has to check for the following:"). This invariant is harmed by sending a transaction with value: 0 and bypassing the fee check by sending data with length == 0.
Impact
By sending messages with data.length == 0 the total fee value is not increased, since it is just adding 0 to it:
AvailBridge::sendMessage
This leads to users being able to send (empty) messages without paying fees.
Code Snippet
Add the following test to the end of AvailBridgeTest.t.sol and run forge test --mt test_auditRevertFeeTooLow_sendMessage -vvvvv:
Tool used
Recommendation
Implement an additional check on the msg.value:
Duplicate of #84
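A simplified model of the fee check described in this report, showing the zero-length, zero-value path beside a version with an additional check on msg.value. This is an added example, not the AvailBridge source or the reporter's test; the contract, function, error and event names and the fee rate are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Simplified per-byte fee model (added example, not the AvailBridge source).
/// Every name below (FeeModel, feePerByte, fees, the errors, the event) is hypothetical.
contract FeeModel {
    error FeeTooLow();
    error ZeroValue();
    event MessageSent(bytes32 indexed recipient, uint256 id, uint256 paid);

    uint256 public feePerByte = 1 gwei; // assumed fee rate
    uint256 public fees;                // accumulated fees
    uint256 public messageId;           // number of accepted messages

    function getFee(uint256 length) public view returns (uint256) {
        return length * feePerByte;     // length == 0 yields a fee of 0
    }

    /// Behaviour described in the report: only the per-byte fee is compared.
    /// With data.length == 0 and msg.value == 0 the check is 0 < 0, which is
    /// false, so the call is accepted and `fees += 0` leaves the total unchanged.
    function sendMessageUnchecked(bytes32 recipient, bytes calldata data)
        external payable returns (uint256 id)
    {
        if (msg.value < getFee(data.length)) revert FeeTooLow();
        fees += msg.value;
        id = messageId++;
        emit MessageSent(recipient, id, msg.value);
    }

    /// One way to add the extra check on msg.value: a zero-value call is
    /// rejected whatever the data length, which enforces "value strictly > 0".
    function sendMessageChecked(bytes32 recipient, bytes calldata data)
        external payable returns (uint256 id)
    {
        if (msg.value == 0) revert ZeroValue();
        if (msg.value < getFee(data.length)) revert FeeTooLow();
        fees += msg.value;
        id = messageId++;
        emit MessageSent(recipient, id, msg.value);
    }
}
```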