Platform: Code4rena
Start Date: 22/09/2023
Pot Size: $100,000 USDC
Total HM: 15
Participants: 175
Period: 14 days
Judge: alcueca
Total Solo HM: 4
Id: 287
League: ETH
Rank: 100/175
Findings: 1
Award: $25.68
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: MrPotatoMagic
Also found by: 0xAadi, 0xDING99YA, 0xDemon, 0xRstStn, 0xSmartContract, 0xStriker, 0xWaitress, 0xbrett8571, 0xfuje, 0xsagetony, 0xsurena, 33BYTEZZZ, 3docSec, 7ashraf, ABA, ABAIKUNANBAEV, Aamir, Audinarey, Bauchibred, Black_Box_DD, Daniel526, DanielArmstrong, DanielTan_MetaTrust, Dinesh11G, Eurovickk, Franklin, Inspecktor, John, Jorgect, Joshuajee, K42, Kek, Koolex, LokiThe5th, MIQUINHO, Myd, NoTechBG, QiuhaoLi, SanketKogekar, Sathish9098, Sentry, Soul22, SovaSlava, Stormreckson, Tendency, Topmark, Udsen, V1235816, Viktor_Cortess, Viraz, Yanchuan, ZdravkoHr, Zims, albahaca, albertwh1te, alexweb3, alexxander, ast3ros, audityourcontracts, bareli, bin2chen, bronze_pickaxe, c0pp3rscr3w3r, cartlex_, castle_chain, chaduke, debo, ether_sky, gumgumzum, imare, its_basu, jaraxxus, jasonxiale, josephdara, kodyvim, ladboy233, lanrebayode77, lsaudit, mert_eren, minhtrng, n1punp, nadin, niroh, nmirchev8, orion, peakbolt, perseverancesuccess, pfapostol, ptsanev, rvierdiiev, saneryee, shaflow2, te_aut, terrancrypt, twcctop, unsafesol, ustas, versiyonbir, windhustler, yongskiws, zhaojie, ziyou-
25.6785 USDC - $25.68
https://github.com/code-423n4/2023-09-maia/blob/main/src/RootBridgeAgent.sol#L436
In Summer 2022, the LayerZero team updated their chainIds. For example, main-net chainId used to be 1 - which got updated to 101.
Therefore, the team advises every project that incorporates LayerZero not to hardcode chainIds, because they can be updated by the LayerZero team in the future. You can find this advice in their LayerZero Integration Checklist.
Ulysses makes use of chainIds everywhere in the project.
In BranchBridgeAgent.sol and RootBridgeAgent.sol, lzReceive receives the _srcChainId, which is the chainId of the chain that sent the message. The _srcChainId is used everywhere. It is used to update state variables like the executionNonce.
executionState[_srcChainId][nonce] = STATUS_RETRIEVE;
executionState[_srcChainId][_depositNonce] = STATUS_DONE;
executionState[_srcChainId][_depositNonce] = STATUS_DONE;
_srcChainId is also used for checking if localTokens or globalTokens exist, and it is used to perform _performFallback.
Ulysses also uses localChainId in multiple contracts. For example, in RootBridgeAgent.sol, localChainId is used to check if the destination chainId == localChainId:
if (_dstChainId != localChainId) {
The project won't be able to function properly anymore. This includes problems like:
Manual Review.
Add an admin-restricted setter to change the chainId.
Other
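One way the recommended admin-restricted setter could look, as an added example that is not part of the original report or the Ulysses code base. The contract name, the internal-id indirection and every function, event and error name are hypothetical; it assumes uint16 LayerZero chain ids and treats id 0 as unset. Keying executionState by a stable internal id means nonce state recorded before a LayerZero id change stays reachable after the remap.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added example (hypothetical, not Ulysses code): LayerZero chain ids live in
/// owner-updatable storage, and per-chain state is keyed by a stable internal id.
contract LzChainIdRegistry {
    address public immutable owner;
    uint16 public localChainId; // storage instead of immutable, so it can follow a LayerZero change
    mapping(uint16 => uint256) public internalIdOf; // LayerZero id => internal id (0 = unknown)
    mapping(uint256 => uint16) public lzIdOf; // internal id => current LayerZero id
    mapping(uint256 => mapping(uint32 => uint8)) public executionState; // internal id => nonce => status

    event LzChainIdUpdated(uint256 indexed internalId, uint16 oldLzId, uint16 newLzId);
    error NotOwner();
    error InvalidId();
    error UnknownChain(uint16 lzId);

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    constructor(uint16 _localChainId) {
        owner = msg.sender;
        localChainId = _localChainId;
    }

    /// Registers or remaps a remote chain. State already stored under
    /// internalId is untouched; only the LayerZero id pointing at it changes.
    function setLzChainId(uint256 internalId, uint16 newLzId) external onlyOwner {
        if (internalId == 0 || internalIdOf[newLzId] != 0) revert InvalidId();
        uint16 oldLzId = lzIdOf[internalId];
        if (oldLzId != 0) delete internalIdOf[oldLzId];
        internalIdOf[newLzId] = internalId;
        lzIdOf[internalId] = newLzId;
        emit LzChainIdUpdated(internalId, oldLzId, newLzId);
    }

    /// Admin-restricted setter for this chain's own LayerZero id.
    function setLocalChainId(uint16 newLzId) external onlyOwner {
        localChainId = newLzId;
    }

    /// What an lzReceive-style handler would call instead of indexing by _srcChainId directly.
    function _recordExecution(uint16 _srcChainId, uint32 nonce, uint8 status) internal {
        uint256 id = internalIdOf[_srcChainId];
        if (id == 0) revert UnknownChain(_srcChainId);
        executionState[id][nonce] = status;
    }
}
```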
#0 - c4-pre-sort
2023-10-12T07:39:00Z
0xA5DF marked the issue as duplicate of #415
#1 - c4-pre-sort
2023-10-12T07:39:08Z
0xA5DF marked the issue as sufficient quality report
#2 - c4-pre-sort
2023-10-12T07:39:17Z
0xA5DF marked the issue as high quality report
#3 - c4-pre-sort
2023-10-12T07:39:55Z
0xA5DF marked the issue as sufficient quality report
#4 - c4-judge
2023-10-26T10:42:16Z
alcueca changed the severity to QA (Quality Assurance)
#5 - c4-judge
2023-10-26T10:43:27Z
alcueca marked the issue as grade-a