Category: Business Logic

LayerZero has default blocking behavior

High Severity
Medium Impact
Medium Likelihood

Description

LayerZero's LzApp has default blocking behavior: when a message is delivered on the receiving chain and its execution fails, the entire cross-chain message channel for that app is blocked. Sometimes this is a desired outcome, as the transaction can be analyzed and then retried or discarded by the admin if it is deemed wrong or malicious.

The potential issue is that when the app has a large throughput of cross-chain messages, the admin or off-chain infrastructure may not be able to keep up with the analysis of the failed transactions. This leads to increased downtime, which drastically affects user experience.

Impact

This issue can lead to the app being blocked for a long time, potentially leaving funds locked up on the other chain for an undesired amount of time. This is especially a concern when liquidations are involved, as the user's position may turn unhealthy while the app is blocked. The user would no longer be able to replenish their position on the other chain, as no actions can be performed on the app while it is blocked.

Recommendations

We recommend considering the use of NonblockingLzApp, which allows the app to skip failed transactions and retry them later.
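
An added illustration (not code from this report, LayerZero, or Orderly Network): a simplified Python model of one message path, contrasting the default blocking behavior with the skip-and-retry behavior recommended above. The `Channel` class, the vault handler, and the three messages are constructed for the example.

```python
from collections import deque

class Channel:
    """Toy model of one cross-chain message path; not LayerZero's code."""
    def __init__(self, handler, nonblocking):
        self.handler, self.nonblocking = handler, nonblocking
        self.stored = None      # blocking mode: failed message that halts the channel
        self.failed = {}        # nonblocking mode: nonce -> payload awaiting retry
        self.pending = deque()  # messages that arrived while the channel was blocked
        self.executed = []      # nonces whose handler ran successfully

    def deliver(self, nonce, payload):
        if self.stored is not None:           # blocked: nothing behind it executes
            self.pending.append((nonce, payload))
            return "queued"
        try:
            self.handler(payload)
        except ValueError:
            if self.nonblocking:
                self.failed[nonce] = payload  # park it, channel stays open
                return "parked"
            self.stored = (nonce, payload)    # default behavior: channel blocks
            return "blocked"
        self.executed.append(nonce)
        return "ok"

    def admin_discard(self):
        """Blocking mode: admin drops the stored message, backlog is then delivered."""
        self.stored, backlog, self.pending = None, self.pending, deque()
        return [self.deliver(n, p) for n, p in backlog]

    def retry(self, nonce):
        """Nonblocking mode: re-run a parked message (out of its original order)."""
        self.handler(self.failed[nonce])      # raises again if it still fails
        del self.failed[nonce]
        self.executed.append(nonce)

def run(nonblocking):
    vault = {"balance": 100}                  # constructed app state
    def handler(msg):                         # hypothetical app logic
        kind, amount = msg
        if kind == "withdraw" and amount > vault["balance"]:
            raise ValueError("insufficient funds")
        vault["balance"] += amount if kind == "deposit" else -amount
    ch = Channel(handler, nonblocking)
    msgs = [("withdraw", 500), ("deposit", 50), ("deposit", 400)]  # constructed
    results = [ch.deliver(n, m) for n, m in enumerate(msgs, start=1)]
    return ch, vault, results

if __name__ == "__main__":
    for mode in (False, True):
        ch, vault, results = run(mode)
        print("nonblocking" if mode else "blocking", results, vault["balance"])
```

In the blocking run, both deposits wait behind the failed withdrawal until the admin acts; in the nonblocking run they execute immediately, and the parked withdrawal only succeeds when retried after them.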

Remediation

This finding has been acknowledged by Orderly Network. Their official response is paraphrased below:

This behavior is by design. That is because our cross-chain part is associated with asset deposit, withdraw, or rebalance which are very important activities. If one cross-chain message fails then subsequent messages are likely to fail as well, due to issues like insufficient funds. Therefore, we prioritize resolving these issues internally before resuming cross-chain operations.

Zellic © 2024