function _payNative(uint256 _nativeFee) internal virtual returns (uint256 nativeFee) {
// enable the OApp to pay the native fee
if (msg.value < _nativeFee && address(this).balance < _nativeFee) revert NotEnoughNative(msg.value);
return _nativeFee; //@audit should return msg.value so that the extra gas gets refunded to the user
}
As the function has && not || the user will provide the required gas fee, so the extra fee (_nativeFee - msg.value) paid by the user will get stuck in the contract.
Internal pre-conditions
None
External pre-conditions
None
Impact
User loses the entitled refund of gas fee.
Mitigation
Refund the extra fee (_nativeFee - msg.value) paid by the user.
Bouncy Butter Cat
Medium
Gas could get stuck in the contract
Summary
User could lose the extra gas fee they sent due to incorrect return value in _payNative function.
Root Cause
https://github.com/sherlock-audit/2024-09-orderly-network-solana-contract/blob/main/sol-cc/contracts/layerzerolabs/lz-evm-oapp-v2/contracts/oapp/OAppSenderUpgradeable.sol#L110-L114 The _payNative function has the following check :
As the function has
&¬||the user will provide the required gas fee, so the extra fee (_nativeFee - msg.value) paid by the user will get stuck in the contract.Internal pre-conditions
None
External pre-conditions
None
Impact
User loses the entitled refund of gas fee.
Mitigation
Refund the extra fee (_nativeFee - msg.value) paid by the user.