search

sherlock-audit / 2023-12-avail-judging

4 stars 4 forks source link

m4ttm - Incorrect use of >= to check against MAX_DATA_LENGTH #114

Closed sherlock-admin2 closed 8 months ago

sherlock-admin2 commented 8 months ago

m4ttm

medium

Incorrect use of >= to check against MAX_DATA_LENGTH

Summary

A check on a function parameter against a chosen range maximum uses >=. Since maximum implies that the number is the upper boundary inclusively, this is incorrect.

Vulnerability Detail

Maximum implies that this is the upper limit inclusively, but the check on message data.length uses >= to compare against MAX_DATA_LENGTH in order to revert.

Impact

sendMessage reverts if a maximum length message is provided, rather than only when the maximum is exceed.

Code Snippet

https://github.com/sherlock-audit/2023-12-avail/blob/1afb56b8d4dfbf5d3f21bed0ddf80a04730204b5/contracts/src/AvailBridge.sol#L300-L304

function sendMessage(bytes32 recipient, bytes calldata data) external payable whenNotPaused {
        uint256 length = data.length;
        if (length >= MAX_DATA_LENGTH) {
            revert ExceedsMaxDataLength();
        }

Tool used

Manual Review

Recommendation

Change the check to length > MAX_DATA_LENGTH

sherlock-admin commented 8 months ago

2 comment(s) were left on this issue during the judging contest.

tsvetanovv commented:

Low

takarez commented:

invalid because { intended behavior i believe}