search

sherlock-audit / 2023-12-avail-judging

4 stars 4 forks source link

alexzoid - `sendMessage()` Allow Spamming of Off-Chain Infrastructure #124

Closed sherlock-admin2 closed 8 months ago

sherlock-admin2 commented 8 months ago

alexzoid

medium

sendMessage() Allow Spamming of Off-Chain Infrastructure

Summary

The sendMessage function lacks a check for zero-length data. Unlike the sendAVAIL and sendETH functions, which have safeguards against zero token amounts, sendMessage does not prevent the sending of messages with empty data. This oversight could allow attackers to spam the off-chain infrastructure without incurring any fees.

Vulnerability Detail

In the sendMessage function, the only check performed on the data parameter is whether its length exceeds MAX_DATA_LENGTH. However, there is no check to ensure that the data is not empty. This could be exploited by sending a large number of empty messages, potentially leading to spamming of the network's off-chain components. Since the fee calculation (getFee(length)) is based on the length of the data, a zero-length message would not attract any fees, making it a vector for spam attacks.

Impact

This vulnerability allows attackers to spam the off-chain infrastructure without paying any fee.

Code Snippet

https://github.com/sherlock-audit/2023-12-avail/blob/main/contracts/src/AvailBridge.sol#L294-L321

Tool used

Manual Review

Recommendation

It is recommended to add a check for zero-length data in the sendMessage function:

    function sendMessage(bytes32 recipient, bytes calldata data) external payable whenNotPaused {
        uint256 length = data.length;
        if (length == 0 || length >= MAX_DATA_LENGTH) {        
        // ... existing code ...
    }

Duplicate of #84

sherlock-admin commented 8 months ago

1 comment(s) were left on this issue during the judging contest.

takarez commented:

invalid because {invalid: thats an intended behavior i believ}