Closed sherlock-admin2 closed 4 months ago
1 comment(s) were left on this issue during the judging contest.
WangAudit commented:
It's actually an interesting one, but I think it's maximum low/info, because in the end the gas is refunded to the user and, if they want, they can send it to their wallet.
FassiSecurity
high
Gas Refunds can be lost
Summary
Due to the usage of tx.origin when handling gas, refunds meant for a smart contract wallet will be lost.
Vulnerability Detail
There are two places where gas refunds are handled, either in native ETH:
or in ethToken:
The problem here lies in the usage of tx.origin. There is a clear direction on the Ethereum mainnet to move from EOAs to Smart Contract Wallets. The project is aware of this because, for example, they use isValidSignatureNow:
Which also provides the functionality for contract signatures to be validated.
However, in the case of the two examples of gas refunds, these get sent to the tx.origin. When a smart contract wallet interacts with this protocol, the smart contract wallet will not be the tx.origin due to the nature of Account Abstraction, which means the refund will go to the wrong address since tx.origin will not be the smart contract wallet.
Impact
This results in gas refund funds being lost.
Code Snippet
https://github.com/sherlock-audit/2024-03-nouns-dao-2/blob/main/nouns-monorepo/packages/nouns-contracts/contracts/libs/GasRefund.sol#L34-L46
Tool used
Manual Review
Recommendation
Handle refunds differently for smart contract wallets.
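The pattern the finding describes, as an added illustration that is not the Nouns GasRefund library code: a refund helper paying tx.origin beside one paying msg.sender, plus a minimal stand-in for a smart contract wallet. The gas accounting (the 21_000 base cost, the balance cap) is simplified and assumed for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example (not the audited GasRefund.sol). Gas math is simplified.

// Refund target is tx.origin: when WalletStub calls doWork(), msg.sender is
// the wallet but tx.origin is the EOA (or bundler) that started the
// transaction, so the refund never reaches the wallet that paid for the call.
contract RefundToOrigin {
    function doWork() external {
        uint256 startGas = gasleft();
        // ... protocol logic would run here ...
        uint256 refund = (startGas - gasleft() + 21_000) * tx.gasprice;
        if (refund > address(this).balance) refund = address(this).balance;
        (bool ok, ) = payable(tx.origin).call{value: refund}("");
        require(ok, "refund failed");
    }
    receive() external payable {}
}

// Refund target is msg.sender: the immediate caller receives the refund,
// which is the smart contract wallet itself when one is in use.
contract RefundToSender {
    function doWork() external {
        uint256 startGas = gasleft();
        // ... protocol logic would run here ...
        uint256 refund = (startGas - gasleft() + 21_000) * tx.gasprice;
        if (refund > address(this).balance) refund = address(this).balance;
        (bool ok, ) = payable(msg.sender).call{value: refund}("");
        require(ok, "refund failed");
    }
    receive() external payable {}
}

// Minimal stand-in for a smart contract wallet: it forwards an arbitrary call
// and must be able to receive ETH, since a refund to msg.sender lands here.
contract WalletStub {
    function exec(address target, bytes calldata data) external {
        (bool ok, ) = target.call(data);
        require(ok, "wallet call failed");
    }
    receive() external payable {}
}
```

Funding both refund contracts and calling doWork() through WalletStub.exec shows the difference directly: the RefundToOrigin refund increases the balance of the externally owned account that sent the transaction, while the RefundToSender refund increases the balance of the WalletStub contract.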