Copy of Understanding the Vulnerability of Blocking LayerZero Channels
Overview of the Vulnerability
In LayerZero-based cross-chain communication systems, gas miscalculation is a critical vulnerability that can lead to either wasted gas or, more severely, failed cross-chain transactions. This type of vulnerability typically arises when gas costs for cross-chain messages are incorrectly calculated due to discrepancies between the gas configurations of the source chain and the destination chain. In LayerZero, the delivery of messages across chains is highly dependent on accurate gas estimation.
A mismatch between the gas configurations can lead to two outcomes:
Overpaying for Gas: If too much gas is allocated, the excess gas is wasted, though it may be refunded to the caller.
Underpricing the Gas Cost: If too little gas is allocated, the cross-chain transaction may fail, leading to stuck assets or messages. This is particularly dangerous for assets such as NFTs, where failure in message delivery can result in assets being irretrievably stuck between chains.
Why Gas Miscalculation Happens
Source vs. Destination Chain Gas Configurations: LayerZero’s cross-chain messaging system requires gas to be calculated for both the source and destination chains. The issue arises when the source chain's gas configuration is used to calculate the gas required for the destination chain’s message processing. Since gas costs vary between different chains, using the source chain’s gas configuration can result in significant discrepancies.
DstConfig Misconfiguration: In LayerZero, destination chain gas configurations (DstConfig) are stored in a mapping keyed by chain ID. This allows the protocol to accurately calculate gas for each chain based on its specific requirements. However, when the wrong gas values (e.g., source chain’s baseGas and gasPerByte) are used for a destination chain transaction, the gas estimation will be inaccurate.
No Fallback Handling: The lack of adequate fallback handling in case of failed transactions exacerbates this vulnerability. When a cross-chain transaction fails due to underpricing gas, the system does not properly handle the error, leaving assets (such as NFTs) stuck in limbo, with no way to recover or retry the transaction.
Impact of the Vulnerability
The impact of gas miscalculation in LayerZero cross-chain operations varies in severity depending on the nature of the transaction and the discrepancy in gas pricing:
Wasted Gas: If too much gas is allocated for the transaction, the excess gas is effectively wasted. While the caller may receive a refund for the unused gas, it still results in inefficient use of resources and unnecessary costs for users.
Stuck Assets and Failed Transactions: A more serious consequence of underpricing gas is that cross-chain messages may fail. When this happens, critical assets, such as NFTs, can become stuck between chains, potentially lost forever. Since the LayerZero protocol does not emit an event to signal the failure of the lzReceive() function, users and operators may not even be aware that the asset is stuck or that the transaction has failed.
Example: If an NFT is being transferred from Chain A to Chain B, and the gas required for Chain B’s message processing is underpriced, the transaction will revert, leaving the NFT stuck on Chain A. Without an event being emitted to notify operators of the failure, the NFT may remain irrecoverable.
Real-World Example: Gas Miscalculation in the LayerZeroModule
In the LayerZeroModule.sol contract of the Holograph protocol, cross-chain messaging primitives are handled through LayerZero. To estimate gas pricing, the contract uses the DstConfig struct exposed in LayerZero’s RelayerV2. However, the issue arises when the source chain’s baseGas and gasPerByte configuration parameters are used to calculate the gas cost for the destination chain’s message.
Because different chains have different gas requirements, this miscalculation can lead to two scenarios:
Wasting Excess Gas: If the gas requirements of the destination chain are lower than the gas calculated based on the source chain’s configuration, excess gas will be refunded to the caller, but resources are still wasted.
Underpricing Gas: If the gas requirements of the destination chain are higher, the transaction will revert due to insufficient gas, and assets such as NFTs may become stuck between chains without any recovery mechanism.
Mitigation Strategies
1. Use Destination Chain Gas Configurations
The primary way to prevent gas miscalculations is to ensure that the gas calculations are based on the destination chain’s gas costs, not the source chain’s. LayerZero’s DstConfig mapping provides the appropriate gas settings for each destination chain based on its chain ID. Developers should always refer to the destination chain’s gas parameters (baseGas and gasPerByte) to accurately estimate the gas required for cross-chain message processing.
Best Practice: Ensure that the LayerZero module retrieves and uses gas configurations from the destination chain’s DstConfig struct when estimating gas. This will prevent the system from overpricing or underpricing gas for cross-chain messages.
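The flawed and corrected lookups side by side, as an added example that is not code from Holograph or LayerZero. GasEstimator, setDstConfig and both estimate functions are hypothetical names, and the formula baseGas + gasPerByte * payload length is an assumption about how the two parameters combine.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Added illustration. Only the field names baseGas and gasPerByte and the idea of a
// DstConfig mapping keyed by chain ID come from the page; everything else is hypothetical.
contract GasEstimator {
    struct DstConfig {
        uint64 baseGas;    // fixed cost of processing any message on that chain
        uint64 gasPerByte; // additional cost per payload byte on that chain
    }

    address public immutable owner;
    uint16 public immutable localChainId;
    mapping(uint16 => DstConfig) public dstConfig; // keyed by chain ID

    error UnknownDestination(uint16 chainId);

    constructor(uint16 _localChainId) {
        owner = msg.sender;
        localChainId = _localChainId;
    }

    function setDstConfig(uint16 chainId, uint64 baseGas, uint64 gasPerByte) external {
        require(msg.sender == owner, "not owner");
        dstConfig[chainId] = DstConfig(baseGas, gasPerByte);
    }

    // Flawed: prices work done on the destination with the source chain's own parameters.
    function estimateWithSourceConfig(bytes calldata payload) external view returns (uint256) {
        DstConfig memory c = dstConfig[localChainId];
        return uint256(c.baseGas) + uint256(c.gasPerByte) * payload.length;
    }

    // Corrected: reads the destination's entry and refuses chains with no configuration,
    // so a missing entry cannot silently produce an estimate of zero.
    function estimateWithDstConfig(uint16 dstChainId, bytes calldata payload)
        external view returns (uint256)
    {
        DstConfig memory c = dstConfig[dstChainId];
        if (c.baseGas == 0) revert UnknownDestination(dstChainId);
        return uint256(c.baseGas) + uint256(c.gasPerByte) * payload.length;
    }
}
```

Comparing the two return values for the same payload shows the size of the mispricing: a lower source-config result is the underpriced case, a higher one the overpaid case.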
2. Re-engineer the lzReceive() Function
The lzReceive() function is a critical part of LayerZero’s message handling, where cross-chain messages are received and processed. However, if the transaction fails due to insufficient gas, there is no fallback mechanism to handle this failure. Re-engineering lzReceive() to be more fault-tolerant can help prevent assets from getting stuck in limbo.
Best Practice: Reserve a portion of gas to ensure that the lzReceive() function can emit a failure event even when the primary transaction fails. This will allow operators to detect and address failed cross-chain transactions.
3. Introduce a Retry Mechanism
To mitigate the risk of permanently stuck assets, protocols should implement a retry mechanism for failed cross-chain transactions. If a message fails due to underpriced gas, the system should allow the transaction to be retried with the correct gas settings, either automatically or manually by an operator.
Best Practice: Implement a fallback system that detects failed lzReceive() calls and retries the message with updated gas pricing from the destination chain.
4. Notify Users and Emit Failure Events
When a transaction fails due to gas mispricing, it is important to notify the relevant parties (such as users or operators) to ensure that the issue is addressed in a timely manner. Protocols should emit failure events whenever a cross-chain transaction fails, providing transparency and enabling operators to take corrective action.
Best Practice: Emit an event when a transaction reverts due to gas miscalculation, providing details on the failure and allowing operators to debug and retry the transaction if necessary.
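Mitigations 2 to 4 combined in one receiver, as an added example that is not code from Holograph or LayerZero. GAS_RESERVE (and its assumed value of 40,000, which must be measured per chain), process, retry, _handle and both events are hypothetical names; the lzReceive parameters follow the LayerZero v1 receiver callback.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Added illustration: a receiver that keeps gas back for the failure path, records and
// announces failed messages, and lets them be retried later with more gas.
contract FaultTolerantReceiver {
    address public immutable endpoint;
    uint256 public constant GAS_RESERVE = 40_000; // assumed budget for store + event
    mapping(bytes32 => bool) public failed;        // message id => awaiting retry

    event MessageFailed(uint16 indexed srcChainId, uint64 indexed nonce, bytes32 id);
    event MessageRetried(bytes32 id);

    constructor(address _endpoint) {
        endpoint = _endpoint;
    }

    function lzReceive(uint16 srcChainId, bytes calldata srcAddress, uint64 nonce, bytes calldata payload) external {
        require(msg.sender == endpoint, "caller is not the endpoint");
        bytes32 id = keccak256(abi.encode(srcChainId, srcAddress, nonce, payload));
        uint256 budget = gasleft();
        if (budget > GAS_RESERVE) {
            // Cap the inner call so that running out of gas there leaves the reserve here.
            try this.process{gas: budget - GAS_RESERVE}(srcChainId, payload) {
                return;
            } catch {} // revert data is deliberately not copied, keeping the cost bounded
        }
        failed[id] = true;
        emit MessageFailed(srcChainId, nonce, id); // fixed-size event: payload is not logged
    }

    // Anyone may retry: the id only matches a message the endpoint already delivered.
    function retry(uint16 srcChainId, bytes calldata srcAddress, uint64 nonce, bytes calldata payload) external {
        bytes32 id = keccak256(abi.encode(srcChainId, srcAddress, nonce, payload));
        require(failed[id], "not a failed message");
        delete failed[id];
        this.process(srcChainId, payload); // a revert here undoes the delete
        emit MessageRetried(id);
    }

    function process(uint16 srcChainId, bytes calldata payload) external {
        require(msg.sender == address(this), "internal only");
        _handle(srcChainId, payload);
    }

    // Placeholder for the application logic, e.g. releasing the bridged NFT.
    function _handle(uint16, bytes calldata) internal virtual {}
}
```

If the relayer supplies less gas than the failure path itself costs, lzReceive still reverts without an event, so the reserve only helps together with a correct destination-side estimate.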
Conclusion
Gas miscalculation is a serious vulnerability in LayerZero-based cross-chain communication systems that can lead to wasted gas or, more critically, stuck assets such as NFTs. This issue occurs when the source chain’s gas configuration is incorrectly used for the destination chain, resulting in underpriced gas costs and failed transactions.
By implementing proper mitigation strategies—such as using the destination chain’s gas configurations, improving the fault tolerance of the lzReceive() function, and adding a retry mechanism—developers can ensure that their cross-chain messaging systems remain resilient and secure. This will protect users from losing assets and help maintain the reliability and efficiency of cross-chain operations.