sherlock-audit / 2024-08-winnables-raffles-judging


Bald Sky Alligator - Empty `extraArgs` in `BaseCCIPSender` contract will cause CCIP messages to fail when the network is highly congested #627

Closed sherlock-admin4 closed 3 months ago

sherlock-admin4 commented 3 months ago

Bald Sky Alligator

Low/Info

Empty extraArgs in BaseCCIPSender contract will cause CCIP messages to fail when the network is highly congested

Summary

Empty extraArgs in BaseCCIPSender.sol will cause CCIP messages to fail when the network is highly congested (in this case Ethereum, where the WinnablesPrizeManager contract is deployed).

Root Cause

In BaseCCIPSender.sol:32, extraArgs is set to empty. https://github.com/sherlock-audit/2024-08-winnables-raffles/blob/main/public-contracts/contracts/BaseCCIPSender.sol#L32

According to the official Chainlink CCIP documentation, if extraArgs is left empty, a default gasLimit of 200000 will be set. (https://docs.chain.link/ccip/best-practices#using-extraargs)

The purpose of extraArgs is to allow compatibility with future CCIP upgrades. To get this benefit, make sure that extraArgs is mutable in production deployments. This allows you to build it offchain and pass it in a call to a function or store it in a variable that you can update on-demand.

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

No response

Impact

There are some CCIP messages in the business logic of Winnables:

Setting extraArgs empty will cause those CCIP messages to fail when the network is highly congested. This will cost the admin gas fees and LINK tokens if he uses them to pay for Chainlink CCIP services.

Also, this will prevent compatibility with future CCIP upgrades.

PoC

No response

Mitigation

Make sure that extraArgs is mutable in production deployments.

Reference: https://cll-devrel.gitbook.io/ccip-bootcamp/day-2/building-cross-chain-nfts#using-extraargs
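As an added illustration of the mitigation (example code, not the Winnables contracts and not the fix in the linked PR): a minimal CCIP sender that keeps `extraArgs` in an owner-updatable storage variable instead of hard-coding `""`, so the gas limit can be raised during congestion or a newer extraArgs encoding adopted after a CCIP upgrade without redeploying. The contract name, the `extraArgs` storage variable, the `setExtraArgs`/`setGasLimit` helpers and the 300000 starting gas limit are assumptions made for this example; the import paths and the `Client.EVMExtraArgsV1` / `Client._argsToBytes` helpers are from the `@chainlink/contracts-ccip` package and are assumed to match the installed version.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not Winnables code. Import paths assume the
// @chainlink/contracts-ccip npm package layout.
import {IRouterClient} from "@chainlink/contracts-ccip/src/v0.8/ccip/interfaces/IRouterClient.sol";
import {Client} from "@chainlink/contracts-ccip/src/v0.8/ccip/libraries/Client.sol";

contract MutableExtraArgsSender {
    address public immutable owner;
    IRouterClient public immutable router;

    // Hypothetical storage slot for extraArgs. Leaving it as "" would make the
    // router fall back to its default gasLimit (200000 per the CCIP docs).
    bytes public extraArgs;

    event ExtraArgsUpdated(bytes extraArgs);

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor(address _router) {
        owner = msg.sender;
        router = IRouterClient(_router);
        // Start with an explicit V1 gas limit (assumed value) instead of the default.
        extraArgs = Client._argsToBytes(Client.EVMExtraArgsV1({gasLimit: 300_000}));
    }

    /// Replace the stored extraArgs wholesale. Lets the owner build the bytes
    /// off-chain (e.g. a future extraArgs version) and switch without redeploying.
    function setExtraArgs(bytes calldata newExtraArgs) external onlyOwner {
        extraArgs = newExtraArgs;
        emit ExtraArgsUpdated(newExtraArgs);
    }

    /// Convenience path for the common case: encode a V1 gas limit and store it.
    function setGasLimit(uint256 gasLimit) external onlyOwner {
        bytes memory encoded = Client._argsToBytes(Client.EVMExtraArgsV1({gasLimit: gasLimit}));
        extraArgs = encoded;
        emit ExtraArgsUpdated(encoded);
    }

    function _buildMessage(address receiver, bytes memory data)
        internal
        view
        returns (Client.EVM2AnyMessage memory)
    {
        return Client.EVM2AnyMessage({
            receiver: abi.encode(receiver),
            data: data,
            tokenAmounts: new Client.EVMTokenAmount[](0),
            feeToken: address(0), // pay fees in the native gas token
            extraArgs: extraArgs  // read from storage; the weak form is extraArgs: ""
        });
    }

    /// Quote the fee with the current extraArgs and send the message.
    function send(uint64 destinationChainSelector, address receiver, bytes calldata data)
        external
        payable
        onlyOwner
        returns (bytes32 messageId)
    {
        Client.EVM2AnyMessage memory message = _buildMessage(receiver, data);
        uint256 fee = router.getFee(destinationChainSelector, message);
        require(msg.value >= fee, "insufficient fee");
        messageId = router.ccipSend{value: fee}(destinationChainSelector, message);
    }
}
```

The fee quote from `getFee` depends on the gas limit encoded in `extraArgs`, so a change via `setGasLimit` is reflected in the next `send` automatically; monitoring `ExtraArgsUpdated` events gives operators an audit trail of when the destination gas limit was changed.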

sherlock-admin2 commented 1 month ago

The protocol team fixed this issue in the following PRs/commits: https://github.com/Winnables/public-contracts/pull/15