Open code423n4 opened 2 years ago
Only agree for :
modifier onlyFactory() {
require(_msgSender() == factory, "NestedReserve: UNAUTHORIZED");
_;
}
For the others, without support for meta transactions in the recipient contract, an externally owned account can not use meta transactions to interact with releaseETH
and create
Handle
defsec
Vulnerability details
Impact
The use of _msgSender() when there is no implementation of a meta transaction mechanism that uses it, such as EIP-2771, very slightly increases gas consumption.
Proof of Concept
"https://github.com/code-423n4/2021-11-nested/blob/5d113967cdf7c9ee29802e1ecb176c656386fe9b/contracts/FeeSplitter.sol#L135" "https://github.com/code-423n4/2021-11-nested/blob/5d113967cdf7c9ee29802e1ecb176c656386fe9b/contracts/NestedFactory.sol#L111" "https://github.com/code-423n4/2021-11-nested/blob/5d113967cdf7c9ee29802e1ecb176c656386fe9b/contracts/NestedReserve.sol#L32"
Tools Used
Code review
Recommended Mitigation Steps
Replace _msgSender() with msg.sender if there is no mechanism to support meta-transactions like EIP-2771 implemented.