Closed sherlock-admin closed 8 months ago
2 comment(s) were left on this issue during the judging contest.
tsvetanovv commented:
Invalid. User mistake. See Sherlock documentation
takarez commented:
valid because { valid and a duplicate of issue 013}
Jaraxxus
medium
Excess msg.value is not refunded when calling sendMessage, which will affect fees calculation as well
Summary
Excess msg.value is not refunded in sendMessage.
Vulnerability Detail
Users can send a message on Avail by calling sendMessage(). The function checks that msg.value covers the fee and adds that fee to the accumulated fees variable. If the user sends more msg.value than required, the excess is not refunded, and the fees accounting will no longer match what the contract actually received.
Impact
Users lose any excess msg.value they send along with the fee. The fees calculation will also be wrong, since only the computed fee is accounted for.
Code Snippet
https://github.com/sherlock-audit/2023-12-avail/blob/main/contracts/src/AvailBridge.sol#L300-L322
Tool used
Manual Review
Recommendation
Recommend checking the fee and requiring msg.value to equal getFee(length) (an equality check rather than a greater-or-equal check) so that exactly the fee is paid.
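The sketch below is an added illustration and is not the AvailBridge code linked above nor the reporter's: it models the pattern described (a greater-or-equal fee check that leaves any surplus stranded and unaccounted) beside the exact-fee check the recommendation calls for, and goes one step further with a refund variant. The contract name, function names and the per-byte fee schedule are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical, simplified sketch written for this issue; not AvailBridge.
/// Only the fee-handling path of sendMessage is modelled.
contract FeeHandlingSketch {
    uint256 public fees;           // fees accounted for the operator
    uint256 public feePerByte = 1; // constructed fee schedule (assumption)

    function getFee(uint256 length) public view returns (uint256) {
        return length * feePerByte;
    }

    // Pattern the issue describes: ">=" accepts any overpayment, but only
    // getFee(length) is added to `fees`, so the surplus stays in the
    // contract with no accounting entry and no way back to the sender.
    function sendMessageVulnerable(bytes calldata data) external payable {
        uint256 fee = getFee(data.length);
        require(msg.value >= fee, "insufficient fee");
        fees += fee;
        // ... message dispatch omitted ...
    }

    // Hardened variant matching the recommendation: require the exact fee.
    function sendMessageExact(bytes calldata data) external payable {
        uint256 fee = getFee(data.length);
        require(msg.value == fee, "exact fee required");
        fees += fee;
    }

    // Alternative hardening: accept overpayment but return the surplus.
    // State is updated before the external call (checks-effects-interactions).
    function sendMessageRefund(bytes calldata data) external payable {
        uint256 fee = getFee(data.length);
        require(msg.value >= fee, "insufficient fee");
        fees += fee;
        uint256 excess = msg.value - fee;
        if (excess > 0) {
            (bool ok, ) = msg.sender.call{value: excess}("");
            require(ok, "refund failed");
        }
    }

    // Invariant a test or monitor can check: with the hardened paths,
    // the contract balance never exceeds the accounted fees.
    function unaccountedBalance() external view returns (uint256) {
        return address(this).balance - fees;
    }
}
```

Calling sendMessageVulnerable with more than getFee(data.length) makes unaccountedBalance() non-zero, which is the discrepancy the issue reports; the two hardened paths keep it at zero.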