Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(contracts): OZ-M04 Use of Non-Production-Ready Trusted Forwarder #843

Merged
merged 7 commits into from Sep 2, 2023
Merged

fix(contracts): OZ-M04 Use of Non-Production-Ready Trusted Forwarder #843

merged 7 commits into from Sep 2, 2023

Conversation

zimpha
Copy link
Member

@zimpha zimpha commented Aug 21, 2023

Purpose or design rationale of this PR

This PR partially fixed the issue reported by Openzepplin (M-04 Use of Non-Production-Ready Trusted Forwarder). The following are the details:

The GasSwap contract inherits from ERC2771Context thereby allowing meta-transactions to work with its functions. It relies on a trusted forwarder that is set in the constructor. The trusted forwarder that it depends on is the MinimalForwarder , which is located in the External contract. However, the MinimalForwarder is not ready for production use and is mainly meant for testing.

By using the MinimalForwarder , ETH could potentially be lost. In addition, the MinimalForwader's signed requests do not expire and lack batching, which is useful when dealing with a large volume of requests to be forwarded.
Consider using OpenZeppelin's ERC2771Forwarder instead. While this contract is not available until v5.0 is released, the source code can be obtained from the master branch and inserted into the codebase.

PR title

Your PR title must follow conventional commits (as we are doing squash merge for each PR), so it must start with one of the following types:

  • fix: A bug fix

Deployment tag versioning

Has tag in common/version.go been updated?

  • No, this PR doesn't involve a new deployment, git tag, docker image tag
  • Yes

Breaking change label

Does this PR have the breaking-change label?

  • No, this PR is not a breaking change
  • Yes

@zimpha zimpha added the bug Something isn't working label Aug 21, 2023
@zimpha zimpha self-assigned this Aug 21, 2023
@github-actions
Copy link

github-actions bot commented Aug 21, 2023
edited

LCOV of commit 2b02052 during Contracts #1388

Summary coverage rate:
  lines......: 51.2% (995 of 1944 lines)
  functions..: 65.2% (223 of 342 functions)
  branches...: no data found

Files changed coverage rate: n/a

@icemelon icemelon added the bump-version Bump the version tag for deployment label Sep 1, 2023
icemelon
icemelon previously approved these changes Sep 1, 2023
View reviewed changes
@icemelon icemelon merged commit d668180 into develop Sep 2, 2023
4 checks passed
@icemelon icemelon deleted the fix/use_of_non-production-ready_trusted_forwarder branch September 2, 2023 09:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@icemelon icemelon icemelon approved these changes

Assignees

@zimpha zimpha

Labels
bug Something isn't working bump-version Bump the version tag for deployment
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@zimpha @icemelon