Assessment reportsPublic findings
Back to Zellic siteBack
Assessment reports>Orderly Network>Threat Model>sendMessage
GeneralOverview
Findings
Critical (1)
High (3)
Medium (4)
Informational (1)
DiscussionAdditional checksOverall issues with some functionsThe `changeFeeCollector` does not revertThe `tokenHash` is not a hash from `tokenAddress`
Threat ModelWhat are threat models?AccountTypeHelper.solAccountTypePositionHelper.sol
CrossChainRelayUpgradeable.solestimateGasFeereceiveMessagesendMessagesendMessageWithFeesetSrcChainIdupdateEndpointupgradeTowithdrawNativeTokenwithdrawToken
FeeManager.solLedger.solLedgerComponent.solLedgerCrossChainManagerUpgradeable.solMarketManager.solOperatorManager.solOperatorManagerComponent.solSignature.solVault.solVaultCrossChainManagerUpgradeable.solVaultManager.sol
Audit ResultsSummary

Function: sendMessage(OrderlyCrossChainMessage.MessageV1 data, byte[] payload)

This allows a caller (privileged role) to send a cross-chain message over the LZ endpoint.

Inputs

  • data

    • Control: Fully controlled by the caller.

    • Constraints: None.

    • Impact: The cross-chain message that will be sent.

  • payload

    • Control: Fully controlled by the caller.

    • Constraints: None.

    • Impact: The cross-chain message that will be sent.

Branches and code coverage

Intended branches

  • Assure that msg.value is greater than or equal to the native fee. Currently not implemented.

  • In case that user sends more than the native fee, the excess should be refunded. Currently not implemented, as the _refundAddress is set to address(this).

  • Estimate the native fee using lzEndpoint.estimateFees.

  • Call _lzSend with the estimated native fee.

Negative behavior

  • Should not be callable by anyone other than a trusted caller.

Zellic © 2025Back to top ↑