Closed sherlock-admin2 closed 8 months ago
2 comment(s) were left on this issue during the judging contest.
tsvetanovv commented:
Low
takarez commented:
invalid because { Thi is intended behavior i believe as to make sure it didn't even come close}
Tricko
medium
Wrong message length check in
AvailBridge.sendMessage()
.Summary
The
AvailBridge.sendMessage()
function incorrectly checks the message length by verifying ifdata.length
is greater or equal to102400
. This check should only revertdata.length
exceeds the102400
size limit.Vulnerability Detail
As we can see from
AvailBridge.sendMessage()
function (code snippet below), it will revert ifdata.length
is greater than or equal toMAX_DATA_LENGTH
.However, examining the bridge off-chain code reveals that the maximum length is
102400
. Consequently, it should only revert ifdata.length
surpasses theMAX_DATA_LENGTH
. Due to this mismatch, valid messages will cause reverts inAvailBridge.sendMessage()
.Impact
Message length is wrongly checked. Valid messages will be incorrectly rejected by
AvailBridge.sendMessage()
.Code Snippet
https://github.com/sherlock-audit/2023-12-avail/blob/main/contracts/src/AvailBridge.sol#L301-L304
Tool used
Manual Review.
Recommendation
Consider changing the data length check, as shown below.