fix(contracts): OZ-L08 Redundancy of Replaying Messages in L2ScrollMessenger #850

@zimpha zimpha commented Aug 22, 2023

Purpose or design rationale of this PR

This PR partially fixed the issue reported by OpenZeppelin (L-08 Redundancy of Replaying Messages in L2ScrollMessenger). The following are the details:

The logic to retry messages sent from L1 to L2 lives solely in the replayMessage function in L1ScrollMessenger. In addition, the maximum number of times that a message can be replayed as well as the replayStates are also located in L1ScrollMessenger.

However, the L2ScrollMessenger also contains a maxFailedExecutionTimes state variable and a l1MessageFailedTimes mapping, which are tracking the same values as on the L1 side. When executing a message in L2ScrollMessenger, it uses these variables to determine whether or not a transaction will succeed. However, given that the maximum number of failed execution times can be updated to be a different value than that on the L1 side, this could cause confusion for a user who replays a transaction from L1. This duplication of function can also result in future issues when refactoring code, which could lead to future vulnerabilities.

Consider removing all code related to replaying messages in L2ScrollMessage to reduce code duplication as well as the potential surface of future errors.

PR title

Your PR title must follow conventional commits (as we are doing squash merge for each PR), so it must start with one of the following types:

  • fix: A bug fix

Deployment tag versioning

Has tag in common/version.go been updated?

  • No, this PR doesn't involve a new deployment, git tag, docker image tag
  • Yes

Breaking change label

Does this PR have the breaking-change label?

  • No, this PR is not a breaking change
  • Yes

@zimpha zimpha added the bug Something isn't working label Aug 22, 2023
@zimpha zimpha self-assigned this Aug 22, 2023
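
The divergence described in the audit finding above can be reproduced with a small model. This is an added example, not code from the PR or from the Scroll contracts. Assumptions: it is a simplified Python model of the two messengers, `max_replay_times` is a hypothetical name for the L1 limit, the message hash is a constructed value, and `None` stands for an L2 side with the duplicated limit removed.

```python
from dataclasses import dataclass, field
from typing import Optional

MSG = "0xCONSTRUCTED_MESSAGE_HASH"  # constructed sample value


@dataclass
class L1Messenger:
    max_replay_times: int  # hypothetical name for the L1-side replay limit
    replay_states: dict = field(default_factory=dict)

    def replay_message(self, msg_hash: str) -> bool:
        """Count a replay; refuse once the L1 limit is reached."""
        used = self.replay_states.get(msg_hash, 0)
        if used >= self.max_replay_times:
            return False
        self.replay_states[msg_hash] = used + 1
        return True


@dataclass
class L2Messenger:
    # None models the L2 side with the duplicated limit removed.
    max_failed_execution_times: Optional[int]
    l1_message_failed_times: dict = field(default_factory=dict)

    def relay_message(self, msg_hash: str, call_succeeds: bool) -> str:
        failed = self.l1_message_failed_times.get(msg_hash, 0)
        limit = self.max_failed_execution_times
        if limit is not None and failed >= limit:
            return "rejected_by_l2_limit"
        if call_succeeds:
            return "executed"
        self.l1_message_failed_times[msg_hash] = failed + 1
        return "failed"


def simulate(l1_limit, l2_limit, failures_before_success):
    """Relay, and replay from L1 after each failure; return L2 outcomes."""
    l1, l2 = L1Messenger(l1_limit), L2Messenger(l2_limit)
    outcomes, attempt = [], 0
    while True:
        result = l2.relay_message(MSG, attempt >= failures_before_success)
        outcomes.append(result)
        if result != "failed" or not l1.replay_message(MSG):
            return outcomes
        attempt += 1
```

With an L1 limit of 3 and an L2 limit of 1, the replay that L1 accepts is rejected on L2 even though the call would now succeed; with the L2 limit removed, the same replay executes and the L1 limit alone bounds retries.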

codecov bot commented Aug 25, 2023

Codecov Report

Merging #850 (8279c0c) into develop (6631569) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff            @@
##           develop     #850   +/-   ##
========================================
  Coverage    51.28%   51.28%           
========================================
  Files           60       60           
  Lines         5588     5588           
========================================
  Hits          2866     2866           
  Misses        2483     2483           
  Partials       239      239           
Flag Coverage Δ
bridge 63.51% <ø> (ø)
common 55.43% <ø> (ø)
coordinator 19.15% <ø> (ø)
database 42.85% <ø> (ø)


@github-actions

LCOV of commit 8279c0c during Contracts #1327

Summary coverage rate:
  lines......: 54.1% (969 of 1790 lines)
  functions..: 71.3% (216 of 303 functions)
  branches...: no data found

Files changed coverage rate: n/a

@0xmountaintop 0xmountaintop merged commit fecd129 into develop Aug 25, 2023
22 checks passed
@0xmountaintop 0xmountaintop deleted the fix/redundancy_of_replaying_messages_in_L2ScrollMessenger branch August 25, 2023 08:25