Allarious
low
The relayMessage function does not allow the replayability of the version 0 failed messages
The relayMessage function does not allow the replayability for the messages that are already played once successfully. However, for failed messages in failedMessages it is possible that they are replayed by any user in the network.
While this function supports the replayability for v1 messages, it does not support v0 failed messages and they should be sent through the other messenger first where in the case of L2 to L1 messages might take 7 days!
Users that had v0 failed messages should send their messages from the other messenger again and can not replay their transactions.
The related check happens in the below LoC: https://github.com/sherlock-audit/2023-01-optimism/blob/main/optimism/packages/contracts-bedrock/contracts/universal/CrossDomainMessenger.sol#L302-L305
Manual Review
The failedMessages code can be easily changed to the code below:
bytes32 oldHash = Hashing.hashCrossDomainMessageV0(_target, _sender, _message, _nonce);
require(
failedMessages[versionedHash] || failedMessages[oldHash],
"CrossDomainMessenger: message cannot be replayed"
);