Security Finding
Description
This vulnerability falls under access control and stems from the way BySig::_msgSender() derives the logical caller. The helper blindly trusts the transient _msgSenders stack and returns the last pushed signer for any call as long as the stack is non‑empty, even if the current msg.sender is an unrelated contract that reentered mid-execution.
    function _msgSender() internal view override virtual returns (address) {
        uint256 length = _msgSenders.length();
        if (length == 0) {
            return super._msgSender();
        }
        return _msgSenders.unsafeAt(length - 1);
    }
[Truncated - see PR for full details]
Location
BySig.sol:L120-L130 in bySig (BySig)
BySig.sol:L143-L146 in sponsoredCall (BySig)
BySig.sol:L195-L201 in _msgSender (BySig)
TokenWithBySig.sol:L18-L29 in _chargeSigner (TokenWithBySig)
Impact
Any BySig-enabled contract that performs external calls while processing signed payloads can be reentered and have attacker-chosen functions executed under the victim signer’s identity. This enables theft of sponsored-call fees, unauthorized transfers, nonce corruption, or arbitrary privileged actions attributed to the signer.
Recommendation
Bind each stacked signer to the relayer (or call origin) that opened the meta-transaction and refuse to return the signer when a different caller reenters. One approach is to store (signer, relayer) pairs and verify msg.sender before using the stack entry.
[Truncated - see PR for full details]
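One way the (signer, relayer) binding recommended above could look, as an added sketch that is not the project's BySig code. The contract name, the Frame struct, the asSigner modifier and the storage-backed stack are hypothetical, and it assumes the signed payload is executed in a way that keeps msg.sender equal to the relayer (for example a delegatecall to self).

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration only; every name in this contract is hypothetical.
abstract contract BoundSignerContext {
    struct Frame {
        address signer;  // account whose signature was verified
        address relayer; // msg.sender that opened the meta-transaction
    }

    // Plain storage is used for readability; the finding describes the
    // original stack as transient.
    Frame[] private _frames;

    // Wrap execution of a verified signed payload. The frame records who
    // opened it, so the signer identity is scoped to that relayer.
    modifier asSigner(address signer) {
        _frames.push(Frame({signer: signer, relayer: msg.sender}));
        _;
        _frames.pop();
    }

    // Hardened caller resolution: the stacked signer is returned only when
    // the current msg.sender is the relayer bound to the top frame.
    function _msgSender() internal view virtual returns (address) {
        uint256 length = _frames.length;
        if (length == 0) {
            return msg.sender;
        }
        Frame storage top = _frames[length - 1];
        if (msg.sender != top.relayer) {
            // A different contract entered while the frame was open.
            // It is treated as itself, never as the signer.
            return msg.sender;
        }
        return top.signer;
    }
}
```

A relayer that reenters during its own open frame still resolves to the signer under this check, so external calls made while a frame is open should also be reviewed for calls back into the relayer.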
Created by CARA Security Audit via Cygent