Project

Summary

• The NativeMetaTransaction::executeMetaTransaction function is expected to call functions of the contract which inherits it on the behalf of other users via their signed message and takes in a function signature to determine which function to call.

• But taking a function signature is not sufficient to call a function, as it also requires arguments to be passed to it on the basis of which certain tasks are performed within the function. Due to the missing arguments intake from users, it will make a function call with empty arguments resulting in unintended behavior.

Vulnerability Details

• The vulnerability lies in the NativeMetaTransaction::executeMetaTransaction function where it takes the function signature from the relayer to call the function on the behalf of address specified by userAddress, but the function signature is not sufficient to call a function as call will be placed to the function with incorrect arguments resulting in unintended behavior.

• The address of user specified by userAddress signs a transaction involving the function signature and other necessary parameters but the executeMetaTransaction doesn't contain any stuff related to the arguments to call for that function signature.

• This results in making the NativeMetaTransaction contract unsuable as signed transaction can't be executed by the relayer.

Impact

Signed transactions of user cannot be executed via NativeMetaTransaction::executeMetaTransaction leaving the contract unusable.

Tools Used

Manual Review

Recommendations

Along with the function signature include the data that represents the arguments to called for the function whose function signature is passed in NativeMetaTransaction::executeMetaTransaction.