Ensuring that incoming messages are only accepted from the legitimate Avail AMB is critical to prevent unauthorized actions or injection of malicious data.
Vulnerability Detail
The contract checks that the message sender is the authorized Avail AMB using msg.sender != availBridge. This check is pivotal, and the integrity of the availBridge address is crucial. If compromised or incorrectly set, unauthorized entities could send messages, leading to potential contract manipulation.
Impact
If the availBridge address is not securely managed, or if there's a vulnerability in how the contract determines the message sender, it might lead to unauthorized message processing.
This function ensures that the message is only processed if it's coming from the authorized Avail AMB.
Tool used
Manual Review
Recommendation
Secure Initialization and Management of availBridge: Ensure that availBridge is set correctly upon contract deployment and provide secure mechanisms (if necessary) to update it, guarding against unauthorized changes.
Anubis
medium
Message Source Authentication
Summary
Ensuring that incoming messages are only accepted from the legitimate Avail AMB is critical to prevent unauthorized actions or injection of malicious data.
Vulnerability Detail
The contract checks that the message sender is the authorized Avail AMB using msg.sender != availBridge. This check is pivotal, and the integrity of the availBridge address is crucial. If compromised or incorrectly set, unauthorized entities could send messages, leading to potential contract manipulation.
Impact
If the availBridge address is not securely managed, or if there's a vulnerability in how the contract determines the message sender, it might lead to unauthorized message processing.
Code Snippet
https://github.com/sherlock-audit/2023-12-avail/blob/main/contracts/src/MessageReceiver.sol#L18-L23
This function ensures that the message is only processed if it's coming from the authorized Avail AMB.
Tool used
Manual Review
Recommendation
Secure Initialization and Management of availBridge: Ensure that availBridge is set correctly upon contract deployment and provide secure mechanisms (if necessary) to update it, guarding against unauthorized changes.