csanuragjain
medium
It seems there is no expiry or cancelling facility for retryMessage
. This could become a problem where an old failed transaction could be run at any point of time in future without any deadline
- Assume transaction X fails which adds this transaction to
failedMessages
via_storeFailedMessage
function
function _storeFailedMessage(uint16 _srcChainId, bytes memory _srcAddress, uint64 _nonce, bytes memory _payload, bytes memory _reason) internal virtual {
failedMessages[_srcChainId][_srcAddress][_nonce] = keccak256(_payload);
emit MessageFailed(_srcChainId, _srcAddress, _nonce, _payload, _reason);
}
-
User tries
retryMessage
but transaction fails due to certain condition. -
User understands that current condition does not allow the transaction to complete as of now. But now User has no way to cancel this
retryMessage
. This means anyone can execute this transaction in future even if it is not required
This could become a problem where an old failed transaction could be run at any point of time in future by anyone without any deadline, even when it was no longer required
Manual Review
Allow only X amount of duration post fail calls and if call is not processed during that time then it expires