Context: PolygonL1Switchboard, PolygonL2Switchboard NativeSwitchboardBase.sol
Severity: Medium
Description:
In NativeSwitchboardBase.sol, the receivePacket function is used to record the Merkle root for a given packet ID emitted by a remote switchboard
*/
function receivePacket(
bytes32 packetId_,
bytes32 root_
) external onlyRemoteSwitchboard {
packetIdToRoot[packetId_] = root_;
emit RootReceived(packetId_, root_);
}However, in both PolygonL1 and L2 switchboards, the modifier is overriden but always returns true.
* @notice This modifier overrides the onlyRemoteSwitchboard modifier in the NativeSwitchboardBase contract
*/
modifier onlyRemoteSwitchboard() override {
require(true, "ONLY_FX_CHILD");
_;
}This means that the function receivePacket can be called by anyone and any packet id could be rewritten to arbitrary value.
Estimated to have a severity of Medium because it fits in: Damage to users/protocol due to griefing
Recommendation:
Use the modifier as intended so it serves its purpose to restrict access.