Replay Attack Vulnerability in relayMessage Function
Summary
The relayMessage function is susceptible to replay attacks if the uniqueness and immutability of the versionedHash are not properly enforced across all related contract instances and chain contexts.
albahaca0000
Medium
Code in Question:
https://github.com/sherlock-audit/2024-08-tokamak-network/blob/main/tokamak-thanos/packages/tokamak/contracts-bedrock/src/L1/L1CrossDomainMessenger.sol#L222
Root Cause
No response
Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
No response
Impact
No response
PoC
No response
Mitigation
Modify the versionedHash calculation to include more context, such as chain ID, and implement global nonce management:
And ensure block.chainid or similar identifier is used in all instances where this function is utilized. This modification will prevent the same message from being accepted on different chains or instances, effectively mitigating replay attacks.
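A sketch of the mitigation described above, as an added example that is not code from this report or from the audited repository. The contract name, domainHash, relay, relayed and trustedCaller are hypothetical, and the example assumes a trusted bridge contract has already authenticated the message before it reaches relay.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.15;

// Added illustration, not code from the audited repository.
// Contract, function and variable names are hypothetical.
contract DomainSeparatedRelay {
    // Assumption: a trusted bridge contract authenticates messages before relay.
    address public immutable trustedCaller;
    // Hashes already relayed by this instance.
    mapping(bytes32 => bool) public relayed;

    constructor(address _trustedCaller) {
        trustedCaller = _trustedCaller;
    }

    // Message hash bound to this chain and this contract instance.
    // abi.encode (not encodePacked) keeps the dynamic bytes field unambiguous.
    function domainHash(
        uint256 nonce,
        address sender,
        address target,
        uint256 value,
        uint256 minGasLimit,
        bytes calldata message
    ) public view returns (bytes32) {
        return keccak256(abi.encode(
            block.chainid,  // same fields hash differently on another chain
            address(this),  // and on another instance deployed on this chain
            nonce, sender, target, value, minGasLimit, message
        ));
    }

    function relay(
        uint256 nonce, address sender, address target,
        uint256 value, uint256 minGasLimit, bytes calldata message
    ) external payable {
        require(msg.sender == trustedCaller, "unauthorized relayer");
        require(msg.value == value, "value mismatch");
        bytes32 h = domainHash(nonce, sender, target, value, minGasLimit, message);
        require(!relayed[h], "message already relayed");
        // Mark before the external call so a re-entrant call cannot relay twice.
        relayed[h] = true;
        (bool ok, ) = target.call{value: value, gas: minGasLimit}(message);
        require(ok, "target call failed");
    }
}
```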