The NativeMetaTransaction contract does not implement any mechanism for whitelisting or detecting malicious relayers. As a result, any address can act as a relayer and invoke the executeMetaTransaction function. This issue exposes the contract to potential abuse as there is no check or restriction on who can submit transactions on behalf of users.
https://github.com/Cyfrin/2024-11-one-world/blob/1e872c7ab393c380010a507398d4b4caca1ae32b/contracts/meta-transaction/NativeMetaTransaction.sol#L33
In typical meta-transaction setups, the relayer is an authorized entity responsible for submitting transactions to the blockchain on behalf of users who sign the transaction off-chain. However, in executeMetaTransaction, no checks are performed to verify the legitimacy of the relayer (i.e., the msg.sender), meaning that even an attacker or malicious actor can initiate the transaction flow without being authenticated.
This lack of control leaves the contract vulnerable to malicious actors who can manipulate function calls to their own advantage. In addition, there is no on-chain mechanism to detect malicious relayers who engage in acts such as frontrunning.
By acting as an untrusted relayer, attackers can front-run or hijack user-signed transactions, executing them in a way that benefits the attacker instead of the user.
Manual review
Only authorized relayers (whitelisted addresses) should be allowed to call the executeMetaTransaction function.
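A minimal sketch of the recommended relayer allowlist, added here as an illustration and not taken from the One World code base. The contract name, `admin`, `isRelayer`, `setRelayer` and the simplified signing digest (a personal-sign style hash rather than the project's own typed-data scheme) are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: all names are hypothetical, not the audited project's code.
contract RelayerGatedMetaTx {
    address public immutable admin;
    mapping(address => bool) public isRelayer; // relayer allowlist
    mapping(address => uint256) public nonces; // per-user replay protection

    event RelayerSet(address indexed relayer, bool allowed);
    // Records which relayer submitted which user's call, so relayer
    // behaviour can be reviewed off-chain.
    event MetaTransactionExecuted(address indexed user, address indexed relayer, uint256 nonce);

    error NotAdmin();
    error UnauthorizedRelayer(address caller);
    error BadSignature();

    constructor() { admin = msg.sender; }

    function setRelayer(address relayer, bool allowed) external {
        if (msg.sender != admin) revert NotAdmin();
        isRelayer[relayer] = allowed;
        emit RelayerSet(relayer, allowed);
    }

    function executeMetaTransaction(
        address user, bytes calldata functionCall, bytes32 r, bytes32 s, uint8 v
    ) external returns (bytes memory) {
        // The check the recommendation asks for: msg.sender must be an approved relayer.
        if (!isRelayer[msg.sender]) revert UnauthorizedRelayer(msg.sender);

        // Bind the signature to chain, contract, user, nonce and call data.
        uint256 nonce = nonces[user]++;
        bytes32 digest = keccak256(abi.encodePacked(
            "\x19Ethereum Signed Message:\n32",
            keccak256(abi.encode(block.chainid, address(this), user, nonce, functionCall))
        ));
        address signer = ecrecover(digest, v, r, s);
        if (signer == address(0) || signer != user) revert BadSignature();

        emit MetaTransactionExecuted(user, msg.sender, nonce);
        // Append the user address so the callee can recover the original sender.
        (bool ok, bytes memory ret) = address(this).call(abi.encodePacked(functionCall, user));
        require(ok, "call failed");
        return ret;
    }
}
```

The `MetaTransactionExecuted` event gives monitoring tools a per-relayer record to audit, and `setRelayer` lets the admin revoke a relayer that misbehaves.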