Lack of Deadline in MetaTransaction Struct
Summary
The MetaTransaction struct in the NativeMetaTransaction contract lacks a deadline parameter, By not including an expiration time for signed meta-transactions, there is no restriction on when a relayer can execute a transaction which could lead to unintended consequences for the user.
Vulnerability Details
The MetaTransaction struct currently does not include a deadline, allowing relayers to execute a signed meta-transaction at any point in the future, as long as the nonce has not changed.
Without a time constraint, a relayer may delay executing the transaction until conditions are more favorable for them (e.g., gas prices drop or contract conditions change). This lack of control can lead to unexpected transaction behavior and loss of user trust.
Impact
Since a meta-transaction remains valid as long as its nonce is valid, users are vulnerable to long-term risks including front-running and execution during unfavorable market conditions as they cannot specify an expiration window for their transaction.
Tools Used
Manual Analysis
Recommendations
Add a deadline parameter to the MetaTransaction struct and validate it during the execution of the meta-transaction
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.