code-423n4 / 2021-11-nested-findings


Inconsistent use of `_msgSender()` #169

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Handle

WatchPug

Vulnerability details

Direct use of `msg.sender` vs internal call of `_msgSender()`.

https://github.com/code-423n4/2021-11-nested/blob/f646002b692ca5fa3631acfff87dda897541cf41/contracts/operators/ZeroEx/ZeroExOperator.sol#L14-L18

```solidity
constructor(address swapTarget) {
    address zeroxExStorage = Create2.deploy(0, bytes32("nested.zeroex.operator"), type(ZeroExStorage).creationCode);
    ZeroExStorage(zeroxExStorage).updatesSwapTarget(swapTarget);
    ZeroExStorage(zeroxExStorage).transferOwnership(msg.sender);
}
```

maximebrugel commented 2 years ago

There is no implementation of a meta transaction mechanism in the ZeroExOperator constructor.

alcueca commented 2 years ago

Dispute accepted.