4 issues in the L2CrossDomainMessenger.relayMessage() function. Described one after other.
Lines of code Vulnerability details Impact 1. Loss of funds. 2. Unpermitted function calls. Proof of Concept 1. The function proceeds only if successfulMessagesxDomainCalldataHash is false require successfulMessagesxDomainCalldataHash == false, "Provided message has already been received." ; but...