Cross-Chain Balance Invariant Vulnerability in Orderly Network's LayerZero Configuration Due to Reorg
Summary
Orderly Network's default LayerZero configuration without DVN usage can cause a balance mismatch between Solana and Orderly Chain as chain reorgs can result in withdrawals being executed on Solana while being reverted on Orderly Chain.
Root Cause
LayerZero's documentation recommends using DVN configuration, which includes a crucial 'confirmations' parameter allowing protocols to specify the number of blocks to wait before message delivery. The choice not to utilize this configuration to wait for L1 finality in Orderly Network's cross-chain messaging creates a vulnerability, as messages can be delivered before source chain state is final. In the event of an L1 reorganization, this premature delivery can result in inconsistent balances between Solana and Orderly Chain, as withdrawal messages may be processed on Solana before the L1 state (and consequently the L2 state) is finalized.
https://github.com/sherlock-audit/2024-09-orderly-network-solana-contract/blob/main/sol-cc/contracts/SolConnector.sol#L92
This will result in breaking of the invariant specified in README
What properties/invariants do you want to hold even if breaking them has a low/unknown impact?
The USDC balance of Vault pgram on Solana is no less than the Vault balance record on Ledger contract on Orderly chain
Internal pre-conditions
No response
External pre-conditions
L1 chain must undergo a block reorganization after the LayerZero message delivery
Reorg depth must exceed the default confirmation settings of LayerZero
Orderly Chain (L2) must reorganize its state following the L1 reorg
Attack Path
User initiates legitimate withdrawal on Orderly Chain
LayerZero processes the withdrawal message with default confirmation settings
Message is relayed to Solana Vault before L1 finality
Solana Vault releases USDC based on the message
L1 block containing the Orderly withdrawal undergoes reorg
Orderly Chain state is reorged, erasing the withdrawal record
System enters inconsistent state with Orderly Chain balance exceeding Solana Vault holding
Impact
Orderly Network suffers a critical balance invariant violation where the Solana Vault holds less USDC than recorded in Orderly Chain's Ledger contract.
Plain Corduroy Goblin
Medium
Cross-Chain Balance Invariant Vulnerability in Orderly Network's LayerZero Configuration Due to Reorg
Summary
Orderly Network's default LayerZero configuration without DVN usage can cause a balance mismatch between Solana and Orderly Chain as chain reorgs can result in withdrawals being executed on Solana while being reverted on Orderly Chain.
Root Cause
LayerZero's documentation recommends using DVN configuration, which includes a crucial 'confirmations' parameter allowing protocols to specify the number of blocks to wait before message delivery. The choice not to utilize this configuration to wait for L1 finality in Orderly Network's cross-chain messaging creates a vulnerability, as messages can be delivered before source chain state is final. In the event of an L1 reorganization, this premature delivery can result in inconsistent balances between Solana and Orderly Chain, as withdrawal messages may be processed on Solana before the L1 state (and consequently the L2 state) is finalized. https://github.com/sherlock-audit/2024-09-orderly-network-solana-contract/blob/main/sol-cc/contracts/SolConnector.sol#L92
This will result in breaking of the invariant specified in README
Internal pre-conditions
No response
External pre-conditions
Attack Path
Impact
Orderly Network suffers a critical balance invariant violation where the Solana Vault holds less USDC than recorded in Orderly Chain's Ledger contract.
PoC
No response
Mitigation
No response