Project

One World

NFTDeFi

15,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

Meta-Transaction Contract Wallet Incompatibility

0xnirix

Summary

The current meta-transaction implementation prevents smart contract wallets from using gasless transactions due to limited signature verification support.

Vulnerability Details

In NativeMetaTransaction.sol, the verify() function relies solely on ecrecover for signature validation:

function verify(

address signer,

MetaTransaction memory metaTx,

bytes32 sigR,

bytes32 sigS,

uint8 sigV

) internal view returns (bool) {

require(signer != address(0), "NativeMetaTransaction: INVALID_SIGNER");

return

signer ==

ecrecover(

toTypedMessageHash(hashMetaTransaction(metaTx)),

sigV,

sigR,

sigS

);

}

This implementation has two key limitations:

It only supports raw ECDSA signatures produced by Externally Owned Accounts (EOAs)
The signature validation mechanism lacks EIP-1271 support required for smart contract wallet signatures:
- No isValidSignature() check
- No contract signature validation path
- Hard comparison against ecrecover output only

This affects both the OWPIdentity.sol and MembershipFactory.sol contracts since they inherit from NativeMetaTransaction.

Impact

Smart contract wallets (e.g., Gnosis Safe, Argent) cannot execute gasless transactions
Institutional users with multi-sig wallets are blocked from meta-transaction functionality

Tools Used

Manual code review

Recommendations

Implement EIP-1271 support by adding contract signature validation:

function verifySignature(address signer, bytes32 hash, bytes memory signature) internal view returns (bool) {

// Try EIP-1271 check for smart contract wallets

try IERC1271(signer).isValidSignature(hash, signature) returns (bytes4 magicValue) {

return magicValue == 0x1626ba7e;

} catch {

// Fallback to EOA check

return signer == ECDSA.recover(hash, signature);

}

Updates

Lead Judging Commences

0xbrivan2 Lead Judge 7 months ago

Submission Judgement Published

Invalidated

Reason: Design choice

0xbrivan2 Lead Judge 7 months ago

Submission Judgement Published

Invalidated

Reason: Design choice

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

541

28 USDC / LOC

High Medium

14,000 USDC

Low

1,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.