sherlock-admin
commented
8 months ago 1 comment(s) were left on this issue during the judging contest.
takarez commented:
invalid because {invalid: no POC and impact}
Closed sherlock-admin closed 8 months ago
sherlock-admin
commented
8 months ago 1 comment(s) were left on this issue during the judging contest.
takarez commented:
invalid because {invalid: no POC and impact}
jasonxiale
medium
Messages are vulnerable to cross-chain replay attacks
Summary
Messages are vulnerable to cross-chain replay attacks
Vulnerability Detail
If there's a hard fork, messages can be replayed on the forked chain.
Impact
In current implementation, the messages doesn't
block.chainid, so if hard fork happens, the message can be replayed in the forked chain. Since the message can be used to transfer ETH/ERC20/data, assets might be lost.Code Snippet
https://github.com/sherlock-audit/2023-12-avail/blob/main/contracts/src/AvailBridge.sol#L314-L316
https://github.com/sherlock-audit/2023-12-avail/blob/main/contracts/src/AvailBridge.sol#L334-L342
https://github.com/sherlock-audit/2023-12-avail/blob/main/contracts/src/AvailBridge.sol#L361-L369
https://github.com/sherlock-audit/2023-12-avail/blob/main/contracts/src/AvailBridge.sol#L396-L404
In the above code snippets, the messages doesn't
block.chainid, so when verify the message on the forked chain, the message should also be valid.Tool used
Manual Review
Recommendation
Include the
block.chainidof src-chain and dst-chain in the message.