Last updated
Was this helpful?
Submitted on Dec 31st 2024 at 13:10:15 UTC by @security for
Report ID: #38341
Report Type: Smart Contract
Report severity: Insight
Target: https://github.com/lombard-finance/evm-smart-contracts/blob/main/contracts/bridge/Bridge.sol
Impacts:
Griefing (e.g. no profit motive for an attacker, but damage to the users or the protocol (not lower than $1K))
The getAdapterFee function forwards 228 bytes as payload for fee estimation. However, these bytes are not included in the actual payload or fee calculation during the bridging process. Additionally, if no adapter is set for a destination, the function reverts instead of returning zero.
When calculating the adapter fee via getAdapterFee, the function forwards new bytes(228) to destConfig.adapter.getFee for fee estimation:
However, in the implementation of CLAdapter::_buildCCIPMessage, the payload is ignored:
Similarly, during deposits, the same _buildCCIPMessage is called, which skips the payload. As a result, the message used for fee estimation does not include the payload:
The following comment in the code is misleading because the 228-byte payload is not actually bridged during deposit:
Additionally, if no adapter is set in the destination configuration, getAdapterFee reverts. Instead, it should return zero for better handling.
These issues lead to suboptimal gas usage and ambiguous behavior during fee estimation and payload processing. Addressing them ensures clearer logic and better gas efficiency.
The payload length is not included in fee estimation or deposit processing, which is the correct behavior. However, for clarity and gas optimization, the following changes are recommended:
