function updateFeePerByte(uint256 newFeePerByte) external onlyRole(DEFAULT_ADMIN_ROLE) {
feePerByte = newFeePerByte;
}
function updateFeePerByte(uint256 newFeePerByte) external onlyRole(DEFAULT_ADMIN_ROLE) {
+ require( newFeePerByte !=0 ,"newFeePerByte can not be zero ")
feePerByte = newFeePerByte;
}
kgothatso
high
AvailBridge :: updateFeePerByte
can setfeePerByte
to zero and cause DOS transaction not going throughSummary
AvailBridge :: sendMessage
can revert alwaysVulnerability Detail
AvailBridge :: getFee
can cause aDOS attackImpact
Zero
feePerByte
will causeAvailBridge :: sendMessage
to revert always beacause the function callsAvailBridge :: getFee
which will returns ZeroCode Snippet
https://github.com/sherlock-audit/2023-12-avail/blob/main/contracts/src/AvailBridge.sol#L153
https://github.com/sherlock-audit/2023-12-avail/blob/main/contracts/src/AvailBridge.sol#L306
Tool used
Manual Review
Recommendation