Assessment reports>Hyperlane Starknet>High findings>The protocol fee hook will always be reverted
Category: Business Logic

The protocol fee hook will always be reverted

High Severity
High Impact
High Likelihood

Description

The protocol fee hook is the hook that collects the protocol fee from the sender of the message. Specifically, the function post_dispatch transfers the protocol fee from the caller address to itself:

fn _post_dispatch(ref self: ContractState, _metadata: Bytes, _message: Message) {
    let token_dispatcher = IERC20Dispatcher { contract_address: self.fee_token.read() };
    let caller_address = get_caller_address();
    let contract_address = get_contract_address();
    let user_balance = token_dispatcher.balance_of(caller_address);
    assert(user_balance != 0, Errors::INSUFFICIENT_BALANCE);
    let protocol_fee = self.protocol_fee.read();
    assert(
        token_dispatcher.allowance(caller_address, contract_address) >= protocol_fee,
        Errors::INSUFFICIENT_ALLOWANCE
    );
    token_dispatcher.transfer_from(caller_address, contract_address, protocol_fee);
}

However, it should be noted that the caller of the function post_dispatch is the Mailbox contract, which is not intended to pay the fee, causing the fee collection to fail.

Impact

The protocol fee hook will be reverted always, which may cause a failure in the dispatching of a message.

Recommendations

Consider changing the logic of the fee collection, considering the exact flow of the fee.

Remediation

This issue has been acknowledged by Pragma, and a fix was implemented in commit e6388f31.

Zellic © 2025Back to top ↑