Closed sherlock-admin closed 8 months ago
2 comment(s) were left on this issue during the judging contest.
tsvetanovv commented:
Invalid. User mistake. See Sherlock documentation
takarez commented:
valid because { valid and a duplicate of issue 013}
I think this finding is important because the protocol needs to guide how users interact to stop them from losing money when it could be avoided.
Pelz
high
Excess ETH sent in AvailBridge::sendMessage function not refunded back to the users
Summary
The
sendMessage
function in theAvailBridge
contract lacks proper validation, allowing users to send excess Ether without receiving a refund. This oversight could lead to potential loss of funds.Vulnerability Detail
The vulnerability arises from the condition
if (msg.value < getFee(length))
, which checks if the sent Ether is less than the calculated fee based on the length of the data field. However, it fails to restrict users from sending excess Ether, potentially resulting in unrecoverable losses.reference: https://github.com/sherlock-audit/2023-12-avail/blob/main/contracts/src/AvailBridge.sol#L305-L308
Impact
The impact of this vulnerability is significant as it exposes users to the risk of losing funds. Without proper validation, users can send more Ether than the required fee, and this excess Ether may not be refunded.
Code Snippet
Tool used
Manual Review
Recommendation
Implement proper validation to restrict users from sending excess Ether. Modify the condition to ensure that only the exact required fee is accepted, preventing potential loss of funds. You can modify it like this: