Merge pull request #51 from EnsoBuild/layerzero-chainsec

PeterMPhillips · web-flow · commit 07bfbe0f4169 · 2025-09-15T15:38:51.000-07:00
LayerZeroReceiver Chainsec audit issues
diff --git a/script/EnsoReceiverDeployer.s.sol b/script/EnsoReceiverDeployer.s.sol
@@ -12,10 +12,7 @@ contract EnsoReceiverDeployer is Script {
     address OWNER = 0x826e0BB2276271eFdF2a500597f37b94f6c153bA;
     address BACKEND_SIGNER = 0xFE503EE14863F6aCEE10BCdc66aC5e2301b3A946;
 
-    function run()
-        public
-        returns (EnsoReceiver implementation, ERC4337CloneFactory factory)
-    {
+    function run() public returns (EnsoReceiver implementation, ERC4337CloneFactory factory) {
         uint256 deployerPrivateKey = vm.envUint("PRIVATE_KEY");
 
         vm.startBroadcast(deployerPrivateKey);
diff --git a/script/LayerZeroDeployer.s.sol b/script/LayerZeroDeployer.s.sol
@@ -45,7 +45,7 @@ contract LayerZeroDeployer is Script {
             router = 0xF75584eF6673aD213a685a1B58Cc0330B8eA22Cf;
         }
 
-        lzReceiver = address(new LayerZeroReceiver{ salt: "LayerZeroReceiver" }(endpoint, router, deployer, 100_000));
+        lzReceiver = address(new LayerZeroReceiver{ salt: "LayerZeroReceiver" }(endpoint, router, deployer));
 
         vm.stopBroadcast();
     }
diff --git a/src/bridge/LayerZeroReceiver.sol b/src/bridge/LayerZeroReceiver.sol
@@ -13,43 +13,40 @@ contract LayerZeroReceiver is Ownable, ILayerZeroComposer {
     using SafeERC20 for IERC20;
 
     address private constant _NATIVE_ASSET = address(0);
-    uint256 private constant _TRY_CATCH_GAS = 2000;
 
     address public immutable endpoint;
     IEnsoRouter public immutable router;
 
-    uint256 public reserveGas;
-
     mapping(address => bool) public validOFT;
     mapping(address => bool) public validRegistrar;
+    mapping(bytes32 => bool) public messageExecuted;
 
     event ShortcutExecutionSuccessful(bytes32 guid);
     event ShortcutExecutionFailed(bytes32 guid, bytes error);
     event OFTAdded(address oft);
     event OFTRemoved(address oft);
     event RegistrarAdded(address account);
     event RegistrarRemoved(address account);
-    event ReserveGasUpdated(uint256 amount);
     event FundsCollected(address token, uint256 amount);
 
-    error InsufficientGas(bytes32 guid);
+    error InsufficientGas(bytes32 guid, uint256 estimatedGas, uint256 availableGas);
     error NotEndpoint(address sender);
     error NotRegistrar(address sender);
     error NotSelf();
     error TransferFailed(address receiver);
     error InvalidOFT(address oft);
     error EndpointNotSet();
     error RouterNotSet();
-    error InvalidArrayLength();
+    error InvalidMsgValue(uint256 actual, uint256 expected);
+    error MessageExecuted(bytes32 key);
 
-    constructor(address _endpoint, address _router, address _owner, uint256 _reserveGas) Ownable(_owner) {
+    constructor(address _endpoint, address _router, address _owner) Ownable(_owner) {
         if (_endpoint == address(0)) revert EndpointNotSet();
         if (_router == address(0)) revert RouterNotSet();
         endpoint = _endpoint;
         router = IEnsoRouter(_router);
         validRegistrar[_owner] = true;
-        reserveGas = _reserveGas;
-        emit ReserveGasUpdated(_reserveGas);
+        emit RegistrarAdded(_owner);
     }
 
     // layer zero callback
@@ -65,24 +62,23 @@ contract LayerZeroReceiver is Ownable, ILayerZeroComposer {
     {
         if (msg.sender != endpoint) revert NotEndpoint(msg.sender);
         if (!validOFT[_from]) revert InvalidOFT(_from);
+        bytes32 key = getMessageKey(_from, _guid, _message);
+        if (messageExecuted[key]) revert MessageExecuted(key);
 
         address token = IPool(_from).token();
 
         uint256 amount = _message.amountLD();
         bytes memory composeMsg = _message.composeMsg();
-        (address receiver, bytes memory shortcutData) = abi.decode(composeMsg, (address, bytes));
-
+        (address receiver, uint256 nativeDrop, uint256 estimatedGas, bytes memory shortcutData) =
+            abi.decode(composeMsg, (address, uint256, uint256, bytes));
+        if (msg.value < nativeDrop) revert InvalidMsgValue(msg.value, nativeDrop);
         uint256 availableGas = gasleft();
-        if (availableGas < reserveGas) revert InsufficientGas(_guid);
+        if (availableGas < estimatedGas) revert InsufficientGas(_guid, estimatedGas, availableGas);
+
         // try to execute shortcut
-        try this.execute{ gas: availableGas - reserveGas }(token, amount, shortcutData, msg.value) {
+        try this.execute(token, amount, shortcutData, msg.value) {
             emit ShortcutExecutionSuccessful(_guid);
         } catch (bytes memory err) {
-            if (err.length == 0 && gasleft() < reserveGas - _TRY_CATCH_GAS) {
-                // assume that the shortcut failed due to an out of gas error,
-                // to discourage griefing we will revert instead of transferring funds.
-                revert InsufficientGas(_guid);
-            }
             // if shortcut fails send funds to receiver
             emit ShortcutExecutionFailed(_guid, err);
             _transfer(token, receiver, amount);
@@ -145,19 +141,19 @@ contract LayerZeroReceiver is Ownable, ILayerZeroComposer {
         emit RegistrarRemoved(account);
     }
 
-    function setReserveGas(uint256 amount) external onlyOwner {
-        reserveGas = amount;
-        emit ReserveGasUpdated(amount);
+    // sweep funds to the contract owner in order to refund user
+    function sweep(bytes32 messageKey, address token, uint256 amount) external onlyOwner {
+        // message key is passed to block subsequent calls to lzCompose in case a failing message becomes executable.
+        // internal message data is not validated in case the message itself is malformed or incorrect
+        // (e.g. oft returns incorrect token)
+        messageExecuted[messageKey] = true;
+
+        _transfer(token, owner(), amount);
+        emit FundsCollected(token, amount);
     }
 
-    // sweep funds to the contract owner in order to refund user
-    function sweep(address[] memory tokens, uint256[] memory amounts) external onlyOwner {
-        if (tokens.length != amounts.length) revert InvalidArrayLength();
-        address receiver = owner();
-        for (uint256 i = 0; i < tokens.length; ++i) {
-            _transfer(tokens[i], receiver, amounts[i]);
-            emit FundsCollected(tokens[i], amounts[i]);
-        }
+    function getMessageKey(address from, bytes32 guid, bytes calldata message) public pure returns (bytes32) {
+        return keccak256(abi.encode(from, guid, message));
     }
 
     function _transfer(address token, address receiver, uint256 amount) internal {
diff --git a/test/Bridge.t.sol b/test/Bridge.t.sol
@@ -46,7 +46,7 @@ contract BridgeTest is Test {
         vm.selectFork(_ethereumFork);
         router = new EnsoRouter();
         shortcuts = EnsoShortcuts(payable(router.shortcuts()));
-        lzReceiver = new LayerZeroReceiver(address(this), address(router), address(this), 100_000);
+        lzReceiver = new LayerZeroReceiver(address(this), address(router), address(this));
 
         address[] memory ofts = new address[](2);
         ofts[0] = ethPool;
@@ -60,7 +60,7 @@ contract BridgeTest is Test {
         uint256 balanceBefore = weth.balanceOf(address(this));
 
         (bytes32[] memory commands, bytes[] memory state) = _buildWethDeposit(ETH_AMOUNT);
-        bytes memory message = _buildLzComposeMessage(ETH_AMOUNT, commands, state);
+        bytes memory message = _buildLzComposeMessage(ETH_AMOUNT, 0, 0, commands, state);
 
         // transfer funds
         (bool success,) = address(lzReceiver).call{ value: ETH_AMOUNT }("");
@@ -78,7 +78,7 @@ contract BridgeTest is Test {
 
         // TOO MUCH VALUE ATTEMPTED TO TRANSFER
         (bytes32[] memory commands, bytes[] memory state) = _buildWethDeposit(ETH_AMOUNT * 100);
-        bytes memory message = _buildLzComposeMessage(ETH_AMOUNT, commands, state);
+        bytes memory message = _buildLzComposeMessage(ETH_AMOUNT, 0, 0, commands, state);
 
         // transfer funds
         (bool success,) = address(lzReceiver).call{ value: ETH_AMOUNT }("");
@@ -91,32 +91,21 @@ contract BridgeTest is Test {
         assertEq(balanceBefore, address(this).balance);
     }
 
-    function testEthBridgeWithShortcutOutOfGas() public {
+    function testEthBridgeWithLessThanEstimateGas() public {
         vm.selectFork(_ethereumFork);
 
         (bytes32[] memory commands, bytes[] memory state) = _buildWethDeposit(ETH_AMOUNT);
-        bytes memory message = _buildLzComposeMessage(ETH_AMOUNT, commands, state);
+        // exact gas amount needed for execution
+        uint256 estimatedGas = 75_272;
+        bytes memory message = _buildLzComposeMessage(ETH_AMOUNT, 0, estimatedGas, commands, state); 
 
         // transfer funds
         (bool success,) = address(lzReceiver).call{ value: ETH_AMOUNT }("");
         if (!success) revert TransferFailed();
         // trigger compose with insufficient gas
-        vm.expectRevert();
-        lzReceiver.lzCompose{ gas: 108_000 }(ethPool, bytes32(0), message, address(0), "");
-    }
-
-    function testEthBridgeWithLessThanReserveGas() public {
-        vm.selectFork(_ethereumFork);
-
-        (bytes32[] memory commands, bytes[] memory state) = _buildWethDeposit(ETH_AMOUNT);
-        bytes memory message = _buildLzComposeMessage(ETH_AMOUNT, commands, state);
-
-        // transfer funds
-        (bool success,) = address(lzReceiver).call{ value: ETH_AMOUNT }("");
-        if (!success) revert TransferFailed();
-        // trigger compose with insufficient gas
-        vm.expectRevert();
-        lzReceiver.lzCompose{ gas: 99_000 }(ethPool, bytes32(0), message, address(0), "");
+        vm.expectRevert(abi.encodeWithSelector(LayerZeroReceiver.InsufficientGas.selector, bytes32(0), estimatedGas, estimatedGas - 1));
+        // exactly 1 less gas than needed for lz compose
+        lzReceiver.lzCompose{ gas: 85_663 }(ethPool, bytes32(0), message, address(0), ""); 
     }
 
     function testUsdcBridge() public {
@@ -125,7 +114,7 @@ contract BridgeTest is Test {
         uint256 balanceBefore = IERC20(usdc).balanceOf(vitalik);
 
         (bytes32[] memory commands, bytes[] memory state) = _buildTransfer(usdc, vitalik, USDC_AMOUNT);
-        bytes memory message = _buildLzComposeMessage(USDC_AMOUNT, commands, state);
+        bytes memory message = _buildLzComposeMessage(USDC_AMOUNT, 0, 0, commands, state);
 
         // transfer funds
         vm.startPrank(usdcPool);
@@ -145,7 +134,7 @@ contract BridgeTest is Test {
 
         (bytes32[] memory commands, bytes[] memory state) =
             _buildTokenAndValueTransfer(usdc, vitalik, USDC_AMOUNT, ETH_AMOUNT);
-        bytes memory message = _buildLzComposeMessage(USDC_AMOUNT, commands, state);
+        bytes memory message = _buildLzComposeMessage(USDC_AMOUNT, ETH_AMOUNT, 0, commands, state);
 
         // transfer funds
         vm.startPrank(usdcPool);
@@ -168,7 +157,7 @@ contract BridgeTest is Test {
 
         // TOO MUCH VALUE ATTEMPTED TO TRANSFER
         (bytes32[] memory commands, bytes[] memory state) = _buildTransfer(usdc, vitalik, USDC_AMOUNT * 100);
-        bytes memory message = _buildLzComposeMessage(USDC_AMOUNT, commands, state);
+        bytes memory message = _buildLzComposeMessage(USDC_AMOUNT, 0, 0, commands, state);
 
         // transfer funds
         vm.startPrank(usdcPool);
@@ -201,13 +190,8 @@ contract BridgeTest is Test {
         uint256 wethBalanceBefore = weth.balanceOf(address(this));
 
         // sweep
-        address[] memory tokens = new address[](2);
-        tokens[0] = eth;
-        tokens[1] = address(weth);
-        uint256[] memory amounts = new uint256[](2);
-        amounts[0] = address(lzReceiver).balance;
-        amounts[1] = weth.balanceOf(address(lzReceiver));
-        lzReceiver.sweep(tokens, amounts);
+        lzReceiver.sweep(bytes32(uint256(1)), eth, address(lzReceiver).balance);
+        lzReceiver.sweep(bytes32(uint256(2)), address(weth), weth.balanceOf(address(lzReceiver)));
 
         uint256 ethBalanceAfter = address(this).balance;
         uint256 wethBalanceAfter = weth.balanceOf(address(this));
@@ -219,6 +203,8 @@ contract BridgeTest is Test {
 
     function _buildLzComposeMessage(
         uint256 amount,
+        uint256 nativeDrop,
+        uint256 estimatedGas,
         bytes32[] memory commands,
         bytes[] memory state
     )
@@ -230,7 +216,7 @@ contract BridgeTest is Test {
         bytes memory shortcutData =
             abi.encodeWithSelector(shortcuts.executeShortcut.selector, bytes32(0), bytes32(0), commands, state);
         // encode callback data
-        bytes memory callbackData = abi.encode(address(this), shortcutData);
+        bytes memory callbackData = abi.encode(address(this), nativeDrop, estimatedGas, shortcutData);
         // encode message
         message = OFTComposeMsgCodec.encode(
             uint64(0),

Original file line number	Diff line number	Diff line change
`@@ -45,7 +45,7 @@ contract LayerZeroDeployer is Script {`
`45`	`45`	`router = 0xF75584eF6673aD213a685a1B58Cc0330B8eA22Cf;`
`46`	`46`	`}`
`47`	`47`
`48`		`- lzReceiver = address(new LayerZeroReceiver{ salt: "LayerZeroReceiver" }(endpoint, router, deployer, 100_000));`
	`48`	`+ lzReceiver = address(new LayerZeroReceiver{ salt: "LayerZeroReceiver" }(endpoint, router, deployer));`
`49`	`49`
`50`	`50`	`vm.stopBroadcast();`
`51`	`51`	`}`