Closed sherlock-admin2 closed 8 months ago
2 comment(s) were left on this issue during the judging contest.
tsvetanovv commented:
Invalid. User mistake. See Sherlock documentation
takarez commented:
valid because { valid and a duplicate of issue 013 as excess fees will not be refunded}
deepplus
medium
sendMessage function of AvailBridge contract doesn't refund leftover ether to users.
Summary
The sendMessage function of the AvailBridge contract calculates the fee for the message data and reverts if the ether paid is less than it. But when the ether paid is greater than the fee, it doesn't refund the difference.
Vulnerability Detail
The fee for sending a message is calculated as the length of the message data multiplied by feePerByte. feePerByte is updated by the admin while the protocol is in use. Therefore, if an update of feePerByte front-runs sendMessage, the calculated fee may be less than the ether paid. But sendMessage doesn't refund the leftover ether, so users lose funds that should be returned to them.
Impact
sendMessage doesn't refund the leftover ether after the fee is paid, and users may lose funds that should be returned to them.
Code Snippet
https://github.com/sherlock-audit/2023-12-avail/blob/main/contracts/src/AvailBridge.sol#L300-L321
Tool used
Manual Review
Recommendation
Add logic to the sendMessage function that refunds the leftover ether after the fee is paid.
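The pattern the finding describes, shown side by side with the refunding version, as an added illustration that is not the AvailBridge source (the contract names, the admin setter, the collectedFees counter and the fee formula data.length * feePerByte are assumptions modelled on the report, not the project's actual code):

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the AvailBridge source. Contract and variable
// names, the admin setter and the fee formula (data.length * feePerByte)
// are assumptions modelled on the finding's description.

contract MessageFeeVulnerable {
    address public immutable admin;
    uint256 public feePerByte;
    uint256 public collectedFees;

    event MessageSent(address indexed from, bytes data, uint256 fee);

    constructor(uint256 initialFeePerByte) {
        admin = msg.sender;
        feePerByte = initialFeePerByte;
    }

    // The admin may lower the fee at any time. If this lands before a
    // user's pending sendMessage, that user's msg.value exceeds the new fee.
    function updateFeePerByte(uint256 newFeePerByte) external {
        require(msg.sender == admin, "not admin");
        feePerByte = newFeePerByte;
    }

    // Vulnerable pattern: overpayment is accepted and never returned.
    function sendMessage(bytes calldata data) external payable {
        uint256 fee = data.length * feePerByte;
        require(msg.value >= fee, "insufficient fee");
        collectedFees += msg.value; // excess is absorbed by the contract
        emit MessageSent(msg.sender, data, fee);
    }
}

contract MessageFeeFixed {
    address public immutable admin;
    uint256 public feePerByte;
    uint256 public collectedFees;

    event MessageSent(address indexed from, bytes data, uint256 fee);
    event Refunded(address indexed to, uint256 amount);

    constructor(uint256 initialFeePerByte) {
        admin = msg.sender;
        feePerByte = initialFeePerByte;
    }

    function updateFeePerByte(uint256 newFeePerByte) external {
        require(msg.sender == admin, "not admin");
        feePerByte = newFeePerByte;
    }

    // Fixed pattern: only the computed fee is kept and the remainder is
    // returned to the caller. Accounting is updated before the external
    // call so a re-entering receiver observes consistent state.
    function sendMessage(bytes calldata data) external payable {
        uint256 fee = data.length * feePerByte;
        require(msg.value >= fee, "insufficient fee");
        uint256 excess = msg.value - fee;
        collectedFees += fee;
        emit MessageSent(msg.sender, data, fee);
        if (excess > 0) {
            (bool ok, ) = msg.sender.call{value: excess}("");
            require(ok, "refund failed");
            emit Refunded(msg.sender, excess);
        }
    }
}
```

Refunding through a low-level call means a caller that cannot receive ether (a contract without a receive or fallback function) makes its own sendMessage revert; that only affects that caller, but the refund should still be the last step so a failing or re-entering receiver cannot interfere with the message accounting. An alternative with no external call is `require(msg.value == fee)`, which rejects overpayment instead of refunding it and leaves callers to quote `data.length * feePerByte` immediately before sending.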