Missing support for meta-transactions prevents certain users from claiming their deserved rewards #57

Open
hats-bug-reporter bot opened this issue Jun 3, 2024 · 3 comments
Labels
bug Something isn't working invalid This doesn't seem right

Comments

@hats-bug-reporter

Github username: --
Twitter username: --
Submission hash (on-chain): 0x0e085b83e6da3f97a40915a72502baf541988814e30efb4b15bdb0ed67b342cd
Severity: high

Description:
Description

Meta-transactions allow users without enough funds for gas fees to use a Gas Station Network (GSN) to pay the gas fees for their external call.

The concept of meta-transactions can be further understood in EIP-2771 - https://eips.ethereum.org/EIPS/eip-2771

Issue

The issue in the current Metrom.sol contract is that it does not support meta-transactions. This denies the users using a GSN from claiming their rewards. It also might affect campaign owners who might be using a GSN to create campaigns or perform ownership transfers, but the main impact that is likely to occur is the users not being able to claim.

Severity

Meta-transactions and GSNs are widely used due to the existence of EIP-2771. The incompatibility of the Metrom.sol contract with meta-txs prevents users from claiming their deserved rewards. As the Ethereum ecosystem expands (especially with the advent of AA), gasless transactions will become the go-to for users (especially for such campaigns).

Due to these reasons, the severity is being marked as High since users lose out on their deserved rewards on the campaign.

Attachments

```solidity
uint256 _claimedAmount = _processRewardClaim(_getExistingCampaign(_bundle.campaignId), _bundle, msg.sender);
```

  1. Revised Code File (Optional)

Consider using OZ's Context.sol and replace msg.sender with the _msgSender() function in the claimRewards() function as well as functions that the campaign owner interacts with.
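The sender-resolution pattern this report refers to, as an added sketch that is not part of the original issue and is not Metrom's or OpenZeppelin's code. `ClaimSketch`, `trustedForwarder`, `claimable` and `claim()` are hypothetical names, and the single-account constructor exists only to keep the sketch self-contained.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical contract for illustration; names are assumptions, not Metrom's.
contract ClaimSketch {
    // The only address allowed to speak on behalf of other accounts.
    address public immutable trustedForwarder;
    mapping(address => uint256) public claimable;

    event Claimed(address indexed account, uint256 amount);

    constructor(address forwarder, address account, uint256 amount) {
        trustedForwarder = forwarder;
        claimable[account] = amount; // constructed sample state
    }

    // EIP-2771: a trusted forwarder appends the original signer's address
    // as the last 20 bytes of calldata. Every other caller is taken at
    // face value, so appended bytes from an untrusted caller are ignored.
    function _msgSender() internal view returns (address sender) {
        if (msg.sender == trustedForwarder && msg.data.length >= 20) {
            assembly {
                // Load the 32-byte word starting 20 bytes before the end of
                // calldata; shifting right by 96 bits keeps the 20-byte address.
                sender := shr(96, calldataload(sub(calldatasize(), 20)))
            }
        } else {
            sender = msg.sender;
        }
    }

    // With msg.sender here, a relayed call would look up the forwarder's
    // balance (zero) and revert; with _msgSender() the signer is credited.
    function claim() external returns (uint256 amount) {
        address account = _msgSender();
        amount = claimable[account];
        require(amount > 0, "nothing to claim");
        claimable[account] = 0; // effects before any external interaction
        emit Claimed(account, amount);
    }
}
```

Adopting this pattern moves the forwarder into the contract's trust boundary: whatever address it appends is accepted as the caller, so a compromised or incorrectly configured forwarder can act as any account.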

@hats-bug-reporter hats-bug-reporter bot added the bug Something isn't working label Jun 3, 2024
@luzzif luzzif added the invalid This doesn't seem right label Jun 3, 2024
@luzzif

luzzif commented Jun 5, 2024

This is intentional and outside of the scope of the audit.

@mcgrathcoutinho

@luzzif There was no mention of this in the out of scope section on the Hats site. Additionally, account abstraction (EIP-3074) already has been finally approved to be live on EVM chains in the upcoming hardfork.

I'd like you to reconsider this as a valid issue since it definitely would prevent these users from claiming their rewards.

@luzzif

luzzif commented Jun 5, 2024

As I said, we don't intend to support meta-transactions in the first version of the contract.
