sherlock-audit / 2023-12-avail-judging


kgothatso - `AvailBridge :: updateFeePerByte` can set `feePerByte` to zero and cause DOS transaction not going through #52

Closed sherlock-admin2 closed 8 months ago

sherlock-admin2 commented 8 months ago

kgothatso

high

AvailBridge :: updateFeePerByte can set feePerByte to zero and cause DOS transaction not going through

Summary

AvailBridge :: sendMessage can revert always

Vulnerability Detail

AvailBridge :: getFee can cause a DOS attack

Impact

Zero feePerByte will cause AvailBridge :: sendMessage to revert always because the function calls AvailBridge :: getFee, which will return zero.

Code Snippet

https://github.com/sherlock-audit/2023-12-avail/blob/main/contracts/src/AvailBridge.sol#L153

https://github.com/sherlock-audit/2023-12-avail/blob/main/contracts/src/AvailBridge.sol#L306

Tool used

Manual Review

Recommendation

   function updateFeePerByte(uint256 newFeePerByte) external onlyRole(DEFAULT_ADMIN_ROLE) {
        feePerByte = newFeePerByte;
    }

 function updateFeePerByte(uint256 newFeePerByte) external onlyRole(DEFAULT_ADMIN_ROLE) {
+      require( newFeePerByte !=0 ,"newFeePerByte  can not be zero ")
         feePerByte = newFeePerByte;
    }
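
Review bot: the added `require` on the `+` line has no terminating semicolon, so the function does not compile as posted; the line should end with `");`. The revert string also carries a doubled space and a trailing space ("newFeePerByte  can not be zero "); trimming it keeps the message clean in revert output. The check only rejects zero and leaves `newFeePerByte` otherwise unbounded, so if the intent is to keep the fee within a usable range, state that in a comment or add the bound alongside this check.
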
sherlock-admin commented 8 months ago

2 comment(s) were left on this issue during the judging contest.

tsvetanovv commented:

Admin is trusted

takarez commented:

invalid because {invalid: admin function}