Closed sherlock-admin closed 8 months ago
2 comment(s) were left on this issue during the judging contest.
tsvetanovv commented:
Invalid. Is increasing
takarez commented:
invalid because {invalid: this is increasing the messagId and then storing in a variable id}
Avci
medium
the nonce value doesnt increace and its always == 1
Summary
the nonce value doesn't increase and its always == 1
Vulnerability Detail
in the contract
Availbridge.sol
one of the examples of broken increment is happening in L331 functionsendAVAIL
imagine number of the messageif which is nonce is 0 and then this id in the function tries to increase but what happens is because the original value of
messageid
never increases the id is always going to be same like 1 if it 0 and everytime user calling these functions which this logic is used in manny functions of this project theid
is going to be 1(same previous on) and then the whole messages will send over this id and its going to break the functionality of the nonce// nonce uint64 messageId; }
so it actually means that the nonce is broken in whole contract and because of these logics it keeps giving previous values which is not a validnonce
.Impact
nonce logic is broken and will not give a valid nonce values which is dangerous.
Code Snippet
function sendAVAIL(bytes32 recipient, uint256 amount) external whenNotPaused checkDestAmt(recipient, amount) {
Tool used
Manual Review
Recommendation
messageid
instead of id uint