Closed sherlock-admin closed 8 months ago
1 comment(s) were left on this issue during the judging contest.
takarez commented:
invalid because { invalid: comment says "Callable by anyone because all fees are always sent to the recipient"}
kgothatso
high
AvailBridge :: withdrawFees can be called by anyone and can cause front-running and a DOS attack

Summary
can cause unexpected withdraws to feeRecipient before they use the fees to receiveMessage

Vulnerability Detail
This could cause a DOS attack on the receiveMessage function we call it

Impact
the receiveMessage will revert due to no fees

Code Snippet
https://github.com/sherlock-audit/2023-12-avail/blob/main/contracts/src/AvailBridge.sol#L171
https://github.com/sherlock-audit/2023-12-avail/blob/main/contracts/src/AvailBridge.sol#L187

Tool used
Manual Review

Recommendation
add a modifier to withdrawFees to control access