sendMessage() Allow Spamming of Off-Chain Infrastructure
Summary
The sendMessage function lacks a check for zero-length data. Unlike the sendAVAIL and sendETH functions, which have safeguards against zero token amounts, sendMessage does not prevent the sending of messages with empty data. This oversight could allow attackers to spam the off-chain infrastructure without incurring any fees.
Vulnerability Detail
In the sendMessage function, the only check performed on the data parameter is whether its length exceeds MAX_DATA_LENGTH. However, there is no check to ensure that the data is not empty. This could be exploited by sending a large number of empty messages, potentially leading to spamming of the network's off-chain components. Since the fee calculation (getFee(length)) is based on the length of the data, a zero-length message would not attract any fees, making it a vector for spam attacks.
Impact
This vulnerability allows attackers to spam the off-chain infrastructure without paying any fee.
alexzoid
medium
sendMessage()
Allow Spamming of Off-Chain InfrastructureSummary
The
sendMessage
function lacks a check for zero-length data. Unlike thesendAVAIL
andsendETH
functions, which have safeguards against zero token amounts,sendMessage
does not prevent the sending of messages with empty data. This oversight could allow attackers to spam the off-chain infrastructure without incurring any fees.Vulnerability Detail
In the
sendMessage
function, the only check performed on thedata
parameter is whether its length exceedsMAX_DATA_LENGTH
. However, there is no check to ensure that thedata
is not empty. This could be exploited by sending a large number of empty messages, potentially leading to spamming of the network's off-chain components. Since the fee calculation (getFee(length)
) is based on the length of the data, a zero-length message would not attract any fees, making it a vector for spam attacks.Impact
This vulnerability allows attackers to spam the off-chain infrastructure without paying any fee.
Code Snippet
https://github.com/sherlock-audit/2023-12-avail/blob/main/contracts/src/AvailBridge.sol#L294-L321
Tool used
Manual Review
Recommendation
It is recommended to add a check for zero-length
data
in thesendMessage
function:Duplicate of #84