[HIGH] Signer context persists during bySig delegatecalls, enabling reentrant impersonation of signer-protected functions #253

@cygent-dev

Security Finding

Field        Value
Severity     HIGH
Category     reentrancy
Repository   1inch/solidity-utils
Confidence   59%

Description

This reentrancy vulnerability arises because the mixin’s meta-transaction flow treats the signer context as global during execution, allowing untrusted reentrant callers to inherit signer privileges and bypass _msgSender()-based authorization in every inheriting contract. By design, BySig::bySig() accepts arbitrary signer-approved payloads that often perform external interactions, so leaking the signer identity during those interactions creates a practical path to impersonate the signer.

[Truncated - see PR for full details]

Location

  • BySig.sol:L120-L129 in bySig (BySig)
  • BySig.sol:L195-L201 in _msgSender (BySig)

Impact

All contracts inheriting BySig that rely on _msgSender() for authorization can have signer-only methods executed without a signature whenever their signed logic performs an external call, enabling theft of the signer’s funds or unauthorized configuration changes and potentially seizing global protocol assets.

Recommendation

Track the relayer alongside the signer and ensure _msgSender() only returns the stored signer when the current frame is still owned by the relayer, or otherwise block external reentrancy while the signer stack is non-empty. One approach is illustrated below:

[Truncated - see PR for full details]
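As an added illustration (not the 1inch/solidity-utils BySig code), the following hypothetical mixin shows the vulnerable _msgSender() shape beside the hardened variant from the first recommendation: the signer is paired with the relayer that opened the frame, and the stored signer is only honoured while msg.sender is still that relayer. Signature verification and nonce handling are omitted so the example focuses on the signer context; the contract, function and variable names are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Simplified, hypothetical illustration of the issue above. It is not the
// project's code: signature and nonce checks are left out on purpose.
abstract contract SignerContext {
    // Signer whose authority the current meta-transaction frame carries,
    // together with the relayer (msg.sender) that opened that frame.
    address private _signer;
    address private _relayer;

    function _msgSender() internal view virtual returns (address) {
        // Vulnerable shape: every frame on the call stack inherits the signer,
        // including a reentrant call made by the contract the payload called.
        //
        //   return _signer != address(0) ? _signer : msg.sender;
        //
        // Hardened shape: the stored signer is returned only when msg.sender is
        // still the relayer that opened the frame. A reentrant external caller
        // has a different msg.sender and so is treated as itself.
        if (_signer != address(0) && msg.sender == _relayer) {
            return _signer;
        }
        return msg.sender;
    }

    // Executes a signer-approved payload against this contract via delegatecall,
    // exposing the signer through _msgSender() only for the duration of the call.
    function _executeAsSigner(address signer, bytes calldata data)
        internal
        returns (bytes memory)
    {
        _signer = signer;
        _relayer = msg.sender;
        (bool ok, bytes memory ret) = address(this).delegatecall(data);
        _signer = address(0);
        _relayer = address(0);
        require(ok, "bySig: payload reverted");
        return ret;
    }
}

// Example inheritor: the owner check goes through _msgSender(), so it is exactly
// the kind of function a reentrant caller could reach under the vulnerable shape.
contract Vault is SignerContext {
    address public owner = msg.sender;

    function setOwner(address newOwner) external {
        require(_msgSender() == owner, "not owner");
        owner = newOwner;
    }
}
```

The second recommendation, blocking external reentrancy while a signer frame is open, is not shown; it would be a conventional reentrancy guard around the delegatecall.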


Created by CARA Security Audit via Cygent
