csanuragjain
low
It was observed that successfulMessages[oldHash] is never updated even when relay was success. This causes confusion for the backend scripts which rely on successfulMessages[oldHash] to obtain pending withdrawals
- A message with Version 0 (legacy) is relayed using
relayMessagefunction - It is checked whether this message has already been withdrawn using below check
if (version == 0) {
bytes32 oldHash = Hashing.hashCrossDomainMessageV0(_target, _sender, _message, _nonce);
require(
successfulMessages[oldHash] == false,
"CrossDomainMessenger: legacy withdrawal already relayed"
);
}- Once the relay is complete observe
successfulMessages[oldHash]is not updated and only hash with newer version is updated
if (success == true) {
successfulMessages[versionedHash] = true;
emit RelayedMessage(versionedHash);
}The leagcy withdrawal status will mark withdrawn message as unwithdrawn. This becomes a problem when backend Go code is collecting all GetPendingWithdrawals for processing and obtains the processed withdrawals as well
https://github.com/sherlock-audit/2023-01-optimism/blob/main/optimism/packages/contracts-bedrock/contracts/universal/CrossDomainMessenger.sol#L256-L343 https://github.com/sherlock-audit/2023-01-optimism/blob/main/optimism/op-chain-ops/crossdomain/withdrawals.go#L65
Manual Review
Update the success condition to also update legacy withdrawal status
if (success == true) {
successfulMessages[versionedHash] = true;
if (version == 0) {
successfulMessages[oldHash] = true;
}
emit RelayedMessage(versionedHash);
}