Lines of code
<https://github.com/pooltogether/ERC5164/blob/5647bd84f2a6d1a37f41394874d567e45a97bf48/src/ethereum-arbitrum/EthereumToArbitrumExecutor.sol#L31-L45>
The CrossChainExecutorArbitrum and CrossChainExecutorOptimism contracts both use CallLib library to invoke Calls on external contract. As per the CallLib library implementation, any failing Call results in the entire transaction getting reverted.
The CrossChainExecutor contracts does not store whether the calls in CallLib.Call[] were already attempted which failed.
This creates several issues for CrossChainExecutor contracts.
Offchain components can be tricked to submit failing Call[]s again and again. This can be used to drain the offchain component of gas.
Once a failing Call[] was invoked (which failed) and if again the same Call[] is invoked, the transaction should revert with CallsAlreadyExecuted error but it reverts with CallFailure error.
It is difficult to determine whether a to-be executed Call[] is pending or the invocation was already tried but failed.
PoCs for the above issues are listed below.
contract Foo {
function bar() public {
for(uint256 i; ; i++) {}
}
}
contract Foo {
function bar() public {
revert();
}
}
Manual review
The CrossChainExecutor contract should store whether a relayed call was attempted to be executed to make sure the execution cannot be tried again.
The CallLib library can be changed to not completely revert the transaction when any individual Call gets failed.
The text was updated successfully, but these errors were encountered:
All reactions