Zellic - Audit Reports

Function: `executeMessage(string calldata sourceChain, string calldata, bytes calldata payload, bytes[] calldata attributes)`

This function executes cross-chain messages by processing attributes to extract nonce information, validating the cross-chain sender, checking nonce uniqueness, and executing the provided payload on the current contract.

Inputs

sourceChain
- Control: Full.
- Constraints: N/A.
- Impact: Ensures nonce isolation between different source chains, preventing cross-chain replay attacks.
payload
- Control: Full.
- Constraints: N/A.
- Impact: Allows arbitrary function execution on the current contract, relying on access control for security.
attributes
- Control: Full.
- Constraints: N/A.
- Impact: Provides metadata, including nonce information required for replay-attack prevention.

Branches and code coverage (including function calls)

Intended branches

Valid cross-chain sender with proper nonce executes payload successfully.

Successful payload execution returns IERC7786Receiver.executeMessage.selector.

Failed payload execution with error data emits CallFailed event and continues.

Payload execution via address(this).call(payload) executes arbitrary functions on current contract.

Negative behavior

Unauthorized msg.sender fails _checkCrossChainSender() validation and reverts.

Invalid or reused nonce fails _useCheckedNonce() validation and reverts.

Payload execution failing without error data causes CallFailedWithoutError revert.

Function: executeMessage(string calldata sourceChain, string calldata, bytes calldata payload, bytes[] calldata attributes)

Inputs

Branches and code coverage (including function calls)

Function: `executeMessage(string calldata sourceChain, string calldata, bytes calldata payload, bytes[] calldata attributes)`