Skip to content
This repository has been archived by the owner on May 26, 2023. It is now read-only.

Latest commit

 

History

History
47 lines (30 loc) · 2.69 KB

033.md

File metadata and controls

47 lines (30 loc) · 2.69 KB
Raw

0xdeadbeef

high

Relay of before bedrock failed transactions is not possible after bedrock update

Summary

Due to an upgrade in the message relaying mechanism, pre-bedrock users will not be able to relay failed transactions.

Vulnerability Detail

A feature of the cross domain messengers is to manage and relay transactions between both chains. This feature is impacted during migration due change in relaying mechanism.

During the migration from pre-bedrock to bedrock, the L1CrossDomainMessenger and L2CrossDomainMessenger is updated. There is a difference from the old version to the new version in the relaying mechanism that can be called by users to try to relay failed transaction again

  • Old contract - in order to replay a transaction users need to call relayMessage again. It will be callable as long as the transaction failed: require(successfulMessages[xDomainCalldataHash] == false, "Provided message has already been received.");
  • New contract -in order to replay a transaction users need to call relayMessage again. It will be callable as long as the the failed transaction is stored in failedMessages array: require(failedMessages[versionedHash], "CrossDomainMessenger: message cannot be replayed");

Because failedMessages array does not exist pre-bedrock. Users will not be able to replay the transaction in the new contract.

Impact

Existing Optimism users relying on the messaging mechanism will not be able to relay a failed transaction due to Optimism update.

Code Snippet

Old relayMessage in old L2CrossDomainMessenger and L1CrossDomainMessenger: https://github.com/sherlock-audit/2023-01-optimism/blob/main/optimism/packages/contracts/contracts/L2/messaging/L2CrossDomainMessenger.sol#L95 https://github.com/sherlock-audit/2023-01-optimism/blob/main/optimism/packages/contracts/contracts/L1/messaging/L1CrossDomainMessenger.sol#L165

New relayMessage in shared (L1 and L2) CrossDomainMessenger: https://github.com/sherlock-audit/2023-01-optimism/blob/main/optimism/packages/contracts-bedrock/contracts/universal/CrossDomainMessenger.sol#L256

Tool used

Manual Review

Recommendation

For L1: Consider during migration to look for "FailedRelayedMessage" messages in the old L1CrossDomainMessenger by reviewing on-chain events. When updating the proxy on L1 to the new L1CrossDomainMessenger. Create a temporary implementation and add the data from FailedRelayedMessage to the failedMessages array. After updating, update the implementation to post-bedrock L1CrossDomainMessenger

For L2: Easier, same as migrating legacy withdrawals. Read the FailedRelayedMessage and change the stateDB of L2CrossDomainMessenger to populated the failedMessages array.