-
Notifications
You must be signed in to change notification settings - Fork 13
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cross-chain messaging via Anycall will fail #91
Labels
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
edited-by-warden
H-34
primary issue
Highest quality submission among a set of duplicates
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
Comments
code423n4
added
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
labels
Jun 15, 2023
c4-judge
added
the
primary issue
Highest quality submission among a set of duplicates
label
Jul 9, 2023
trust1995 marked the issue as primary issue |
trust1995 marked the issue as satisfactory |
c4-judge
added
the
satisfactory
satisfies C4 submission criteria; eligible for awards
label
Jul 9, 2023
0xLightt marked the issue as sponsor confirmed |
c4-sponsor
added
the
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
label
Jul 11, 2023
c4-judge
added
the
selected for report
This submission will be included/highlighted in the audit report
label
Jul 25, 2023
trust1995 marked the issue as selected for report |
0xBugsy marked the issue as sponsor acknowledged |
c4-sponsor
added
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
and removed
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
labels
Jul 27, 2023
0xBugsy marked the issue as sponsor confirmed |
We recognize the audit's findings on Anycall. These will not be rectified due to the upcoming migration of this section to LayerZero. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
edited-by-warden
H-34
primary issue
Highest quality submission among a set of duplicates
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
Lines of code
https://github.com/code-423n4/2023-05-maia/blob/54a45beb1428d85999da3f721f923cbf36ee3d35/src/ulysses-omnichain/BranchBridgeAgent.sol#L1006-L1011
https://github.com/code-423n4/2023-05-maia/blob/54a45beb1428d85999da3f721f923cbf36ee3d35/src/ulysses-omnichain/lib/AnycallFlags.sol#L11
Vulnerability details
Impact
Cross-chain calls will fail since source-fee is not supplied to Anycall
Proof of Concept
In
_performCall()
of BranchBridgeAgent.sol, a cross-chain called is made usinganyCall()
with the_flag
of 4. According to the Anycall V7 documentation and code, when using gas_flag
of 4, the gas fee must be paid on the source chain. This meansanyCall()
must be called and sent gas.However, this is not the case, and the result is
_performCall
will always revert. This will impact many functions that rely on this function such ascallOut()
,callOutSigned()
,retryDeposit()
, and etc.Tools Used
Manual
Recommended Mitigation Steps
After discussing with the Sponsor, it is expected that the fee be paid on the destination chain, specifically the
rootBridgeAgent
. Consider refactoring the code to change the_flag
to use pay on destination.Alternatively, if pay on source is the intention, consider refactoring the code to include fees, starting with
_performCall
. Additional refactoring will be required.Assessed type
Library
The text was updated successfully, but these errors were encountered: