Added L1 to L2 message failure as a possible issue (#140)

gustavo-grieco · montyly · smonicas · web-flow · commit 3e846a1a2a81 · 2022-11-03T14:21:12.000+01:00
* Added L2 to L1 message failure as a possible issue

* Title was wrong

* Update consider_L1_to_L2_message_failure.md

* Fixed

* Update not-so-smart-contracts/cairo/consider_L1_to_L2_message_failure.md

Co-authored-by: Simone &lt;79767264+smonicas@users.noreply.github.com&gt;

* Update not-so-smart-contracts/cairo/consider_L1_to_L2_message_failure.md

Co-authored-by: Simone &lt;79767264+smonicas@users.noreply.github.com&gt;

Co-authored-by: Feist Josselin &lt;josselin@trailofbits.com&gt;
Co-authored-by: Simone &lt;79767264+smonicas@users.noreply.github.com&gt;
diff --git a/not-so-smart-contracts/cairo/consider_L1_to_L2_message_failure.md b/not-so-smart-contracts/cairo/consider_L1_to_L2_message_failure.md
@@ -0,0 +1,28 @@
+# Consider L1 to L2 message failure
+
+In Starknet, [Ethereum contracts can send messages from L1 to L2, using a bridge](https://starknet.io/docs/hello_starknet/l1l2.html#messages-from-l1-to-l2). However, it is not guaranteed that the message will be processed by the sequencer. 
+For instance, a message can fail to be processed if there is a sudden spike in the gas price and the value provided is too low. For that reason, Starknet developers provided a 
+[API to cancel on-going messages](https://docs.starknet.io/docs/L1-L2%20Communication/messaging-mechanism/#l1--l2-messages)
+
+# Example
+
+Suppose that the following code to initiate L2 deposits from L1, taking the tokens from the user:
+
+```solidity 
+IERC20 public constant token; //some token to deposit on L2
+
+function depositToL2(uint256 to,  uint256 amount) public returns (bool) {
+    require(token.transferFrom(to, address(this), amount));
+    ..
+    StarknetCore.sendMessageToL2(..);
+    return true;
+}
+```
+
+If a L1 message is never processed by the sequencer, users will never receive their tokens either in L1 or L2, so they need a way to cancel it.
+
+As a more real example, a recent [AAVE audit](https://github.com/aave-starknet-project/aave-starknet-bridge/pull/106#issue-1336925381) highlighed this issue and required to add code to cancel messages. 
+
+# Mitigations
+
+When sending a message from L1 to L2, consider the case where a message is never processed by the sequencer. This can block either the contract to reach certain state or users to retrieve their funds. Allow to use `startL1ToL2MessageCancellation` and `cancelL1ToL2Message` to cancel ongoing messages, if needed. 
