Category: Coding Mistakes
Message incorrectly includes the size of body
Critical Severity
Critical Impact
High Likelihood
Description
The format_message function in message.cairo appends the size of the message body before the message body:
fn format_message(_message: Message) -> (u256, Message) {
    let sender: felt252 = _message.sender.into();
    let recipient: felt252 = _message.recipient.into();
    let mut input: Array<ByteData> = array![
        // ...
        // Size of the body, emitted ahead of the body itself.
        ByteData {
            value: _message.body.size().into(),
            size: u64_word_size(_message.body.size().into()).into()
        },
    ];
    // ...
}
However, this does not match the behavior of the Hyperlane protocol, which does not include the size of the body:
function formatMessage(
    uint8 _version,
    uint32 _nonce,
    uint32 _originDomain,
    bytes32 _sender,
    uint32 _destinationDomain,
    bytes32 _recipient,
    bytes calldata _messageBody
) internal pure returns (bytes memory) {
    return
        abi.encodePacked(
            _version,
            _nonce,
            _originDomain,
            _sender,
            _destinationDomain,
            _recipient,
            _messageBody
        );
}
Impact
This can lead to incompatibility issues with the Hyperlane protocol, potentially causing message interpretation errors across different chains and implementations.
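The interpretation error can be reproduced off-chain with a small compatibility check. This Python sketch is an added example, not code from the audited repository or from Hyperlane. The sample field values are constructed, and the width of the size field (minimal big-endian bytes) is an assumption about what u64_word_size returns.

```python
import struct

# Packed layout from formatMessage: version(u8) nonce(u32) origin(u32)
# sender(bytes32) destination(u32) recipient(bytes32), then the raw body.
HEADER = struct.Struct(">BII32sI32s")  # big-endian, no padding: 77 bytes


def format_message(version, nonce, origin, sender, destination, recipient, body):
    """Reference encoding: the packed header followed directly by the body."""
    return HEADER.pack(version, nonce, origin, sender, destination, recipient) + body


def format_message_with_size(version, nonce, origin, sender, destination, recipient, body):
    """Models the reported behavior: the body size is emitted before the body.

    Assumption: the size field is the minimal big-endian encoding of len(body).
    """
    width = max(1, (len(body).bit_length() + 7) // 8)
    size_field = len(body).to_bytes(width, "big")
    header = HEADER.pack(version, nonce, origin, sender, destination, recipient)
    return header + size_field + body


def parse_message(raw):
    """Decoder for the reference layout: everything after the header is body."""
    if len(raw) < HEADER.size:
        raise ValueError("message shorter than the 77-byte header")
    return HEADER.unpack_from(raw), raw[HEADER.size:]


# Constructed sample values, not taken from any real message.
SAMPLE = dict(version=3, nonce=7, origin=1, sender=b"\x11" * 32,
              destination=2, recipient=b"\x22" * 32, body=b"hello")


def check_compat(encoder):
    """True if a reference-layout decoder recovers the original body."""
    _, body = parse_message(encoder(**SAMPLE))
    return body == SAMPLE["body"]


if __name__ == "__main__":
    print("reference encoder compatible:", check_compat(format_message))
    print("size-prefixed encoder compatible:", check_compat(format_message_with_size))
```

A check of this kind, run against fixed byte vectors from the reference implementation, catches layout drift before messages cross chains.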
Recommendations
Consider removing the size when formatting a message into bytes.
Remediation
This issue has been acknowledged by Pragma, and a fix was implemented in commit 055424fc.