Project

One World
NFT, DeFi
15,000 USDC
Submission Details
Severity: low
Invalid

L-2: The visibility of the hashMetaTransaction function should be set to internal throughout the meta-transaction verification process

Description

hashMetaTransaction: Used to compute the message hash of a Meta Transaction. This hash is typically used for subsequent signature verification and is part of the internal steps in the Meta Transaction verification process.

Therefore, for security reasons, the visibility of the hashMetaTransaction function should be set to internal. The Meta Transaction processing flow should be encapsulated and not expose internal implementation details. Additionally, the intermediate results of the hash computation should not be directly accessible from outside.

Impact

Once the attacker knows the hash calculation method, they could call this function to obtain the Meta Transaction message hash. Then, they might try to exploit the executeMetaTransaction function to construct a specific hash in advance for a front-running attack.

Recommendations

function hashMetaTransaction(MetaTransaction memory metaTx)
- public
+ internal
pure
returns (bytes32)
{
return
keccak256(
abi.encode(
META_TRANSACTION_TYPEHASH,
metaTx.nonce,
metaTx.from,
keccak256(metaTx.functionSignature)
)
);
}
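
Review bot: On the "- public" / "+ internal" line, narrowing visibility does not make the digest confidential. The function is pure and its only inputs are META_TRANSACTION_TYPEHASH, metaTx.nonce, metaTx.from and keccak256(metaTx.functionSignature), all either supplied by the caller or fixed in the contract, so the same value can be recomputed off-chain with keccak256 over the ABI encoding whatever the visibility is. Before applying this, check whether any relayer, front end or test calls hashMetaTransaction externally to build the digest that gets signed, since internal would remove that entry point. If encapsulation is the only goal, state that as the rationale rather than front-running protection, which would have to come from signature and nonce validation, not from hiding this hash.
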
Updates

Lead Judging Commences

0xbrivan2 Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity