Assessment reportsPublic findings
Back to Zellic siteBack
Assessment reports>Maia DAO Ulysses Protocol>Threat Model>forceResumeReceive
GeneralOverview
Findings
Low (2)
DiscussionInsufficient verification in CoreRootRouterEnhanced validation in two functionsInaccurate status updateTest suite
Threat ModelWhat are threat models?BranchBridgeAgent.solBranchPort.sol
RootBridgeAgent.solforceResumeReceiveredeemSettlementretrieveSettlement
RootPort.solVirtualAccount.sol
Audit ResultsSummary

Function: forceResumeReceive(uint16 _srcChainId, bytes _srcAddress)

This allows anyone to call this function to delete stored payload to force resume cross-chain messaging communication.

Inputs

  • _srcChainId

    • Control: Full control by the caller.

    • Constraints: There are no constraints.

    • Impact: The storedPayload associated with this _srcChainId and _srcAddress will be deleted from the lzEndpoint contract.

  • _srcAddress

    • Control: Full control by the caller.

    • Constraints: There are no constraints.

    • Impact: The storedPayload associated with this _srcChainId and _srcAddress will be deleted from the lzEndpoint contract.

Branches and code coverage

No tests have been implemented for this function.

Function call analysis

  • ILayerZeroEndpoint(this.lzEndpointAddress).forceResumeReceive(_srcChainId, _srcAddress)

    • What is controllable? _srcChainId and _srcAddress are controlled by the caller.

    • If the return value is controllable, how is it used and how can it go wrong? There is no return value.

    • What happens if it reverts, reenters or does other unusual control flow? The function will revert if there is not stored payload for _srcAddress and _srcChainId in the lzEndpoint contract.

Zellic © 2025Back to top ↑