Project

One World
NFT, DeFi
15,000 USDC
Submission Details
Severity: medium
Invalid

NativeMetaTransaction.sol - Event MetaTransactionExecuted would be emitted even if the transaction fails

Summary

To mitigate reentrancy issues, the Checks-Effects-Interactions (CEI) pattern is used. Events like MetaTransactionExecuted in the code would be emitted out of order to avoid reentrancy.

Vulnerability Details

To avoid re-entrancy, the code emits the event MetaTransactionExecuted before the external function call.

LINE: https://github.com/Cyfrin/2024-11-one-world/blob/main/contracts/meta-transaction/NativeMetaTransaction.sol#L54

Impact

The event MetaTransactionExecuted would be emitted even if transactions fail.

Tools Used

Manual Code Review

Recommendations

Instead of using the Checks-Effects-Interactions pattern, it is recommended to use a reentrancy guard (such as ReentrancyGuard from OpenZeppelin) and to emit the event MetaTransactionExecuted when the transaction has been successfully executed.

```solidity
import "@openzeppelin/contracts/security/ReentrancyGuard.sol";

contract NativeMetaTransaction is EIP712Base, ReentrancyGuard {
    // Existing code...

    function executeMetaTransaction(
        address userAddress,
        bytes memory functionSignature,
        bytes32 sigR,
        bytes32 sigS,
        uint8 sigV
    ) public payable nonReentrant returns (bytes memory) {
        MetaTransaction memory metaTx = MetaTransaction({
            nonce: nonces[userAddress],
            from: userAddress,
            functionSignature: functionSignature
        });

        require(
            verify(userAddress, metaTx, sigR, sigS, sigV),
            "Signer and signature do not match"
        );

        // increase nonce for user (to avoid re-use)
        nonces[userAddress] = nonces[userAddress] + 1;

        // Append userAddress and relayer address at the end to extract it from calling context
        (bool success, bytes memory returnData) = address(this).call{value: msg.value}(
            abi.encodePacked(functionSignature, userAddress)
        );
        require(success, "Function call not successful");

        emit MetaTransactionExecuted(
            userAddress,
            msg.sender,
            functionSignature,
            hashMetaTransaction(metaTx)
        );

        return returnData;
    }
}
```
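The following is an added example, not part of the submission or of the One World code base. It shows what the EVM does with a log emitted before an inner call that fails when the function then hits `require(success, ...)`: the revert discards the log together with the nonce update. The contract and function names are hypothetical, and it assumes the original function ends with the same `require(success, ...)` that appears in the recommended version above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; all names here are hypothetical.
contract EmitThenRevertDemo {
    event MetaTransactionExecuted(address user, address relayer, bytes functionSignature);

    mapping(address => uint256) public nonces;

    // Ordering under discussion: state update and event first,
    // then the self-call, then require(success).
    function execute(address user, bytes memory functionSignature)
        public
        returns (bytes memory)
    {
        nonces[user] += 1;
        emit MetaTransactionExecuted(user, msg.sender, functionSignature);

        (bool success, bytes memory returnData) = address(this).call(
            abi.encodePacked(functionSignature, user)
        );
        require(success, "Function call not successful");
        return returnData;
    }

    function ok() external pure returns (uint256) { return 1; }

    function boom() external pure { revert("boom"); }
}

contract Harness {
    EmitThenRevertDemo public demo = new EmitThenRevertDemo();

    // Calls execute() with a payload whose inner call reverts.
    // Returns whether execute() succeeded and the nonce read afterwards.
    function tryFailing() external returns (bool succeeded, uint256 nonceAfter) {
        try demo.execute(address(this), abi.encodeWithSignature("boom()")) returns (bytes memory) {
            succeeded = true;
        } catch {
            // execute() reverted as a whole: its nonce increment and the
            // log it had already emitted are rolled back with it.
            succeeded = false;
        }
        nonceAfter = demo.nonces(address(this));
    }
}
```

Deploy `Harness`, send a transaction to `tryFailing()`, and inspect the receipt's logs and the returned nonce; repeating the call with `"ok()"` in place of `"boom()"` gives the successful case for comparison.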
Updates

Lead Judging Commences

0xbrivan2 Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement