Omniscia Avant Protocol Audit

OFTAdapterUpgradeableWithCCIP Manual Review Findings

OFA-01M: Incorrect Integration of Gasless Transactions

Description:

The OFTAdapterUpgradeableWithCCIP::_ccipConsumeTokens function pulls tokens from the ContextUpgradeable::_msgSender result, indicating that the contract is meant to be compatible with gasless token transactions (i.e. calls relayed through a trusted forwarder). The underlying AbstractCCIPMessagingUpgradeable contract implementation, however, relies on msg.sender rather than the ContextUpgradeable::_msgSender result when constructing the cross-chain message.

As such, any cross-chain operation relayed through a forwarder will extract tokens from the gasless transaction signer (the address recovered via _msgSender) yet will create a cross-chain payload as if it originated from the forwarder itself (msg.sender).

Impact:

A cross-chain transaction submitted via a trusted forwarder would result in tokens being extracted from the gasless transaction submitter while the cross-chain transaction itself would incorrectly originate from the forwarder, so the remote side would see the forwarder rather than the paying account as the originator of the transfer.

Example:

contracts/OFTAdapterUpgradeableWithCCIP.sol

/// @inheritdoc AbstractCCIPMessagingUpgradeable
function _ccipConsumeTokens(uint256 _tokenAmount) internal override {
    IERC20(token()).safeTransferFrom(_msgSender(), address(this), _tokenAmount);
}

Recommendation:

We advise either that ContextUpgradeable::_msgSender be used consistently across both implementations, or that the OFTAdapterUpgradeableWithCCIP::_ccipConsumeTokens function utilize msg.sender instead; we consider either approach an acceptable alleviation of this exhibit, provided the sender source is identical on the token-extraction and payload-construction paths.
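As an added illustration, which is neither the project's code nor part of the original report, the following Solidity sketch reproduces the mismatch described above alongside both remediation options. It assumes OpenZeppelin v5 and uses the non-upgradeable ERC2771Context in place of ContextUpgradeable configured with a trusted forwarder; the names MessagingBase, send, _consumeTokens, _payloadOrigin, CrossChainPayload and the three adapter contracts are hypothetical stand-ins for the audited contracts, not their actual identifiers.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not project code. Assumes OpenZeppelin v5; ERC2771Context
// (non-upgradeable) stands in for ContextUpgradeable plus a trusted forwarder.
import {ERC2771Context} from "@openzeppelin/contracts/metatx/ERC2771Context.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// Hypothetical stand-in for AbstractCCIPMessagingUpgradeable. The payload
/// origin defaults to msg.sender, which is the forwarder under ERC-2771.
abstract contract MessagingBase is ERC2771Context {
    IERC20 public immutable token;

    /// Stands in for the cross-chain payload; `origin` is what the remote chain sees.
    event CrossChainPayload(address indexed origin, uint256 amount);

    constructor(address trustedForwarder, IERC20 token_) ERC2771Context(trustedForwarder) {
        token = token_;
    }

    /// Hook the adapter implements to pull tokens from the caller.
    function _consumeTokens(uint256 amount) internal virtual;

    /// Sender source used for the payload; msg.sender unless overridden.
    function _payloadOrigin() internal view virtual returns (address) {
        return msg.sender;
    }

    function send(uint256 amount) external {
        _consumeTokens(amount);
        emit CrossChainPayload(_payloadOrigin(), amount);
    }
}

/// Reproduces the inconsistency: tokens leave the meta-transaction signer
/// (_msgSender) while the payload names the forwarder (msg.sender).
contract InconsistentAdapter is MessagingBase {
    using SafeERC20 for IERC20;

    constructor(address f, IERC20 t) MessagingBase(f, t) {}

    function _consumeTokens(uint256 amount) internal override {
        token.safeTransferFrom(_msgSender(), address(this), amount);
    }
}

/// Option 1 (the applied fix): msg.sender on both paths. Meta-transactions are
/// not supported; a relayed call would debit the forwarder's own balance.
contract MsgSenderAdapter is MessagingBase {
    using SafeERC20 for IERC20;

    constructor(address f, IERC20 t) MessagingBase(f, t) {}

    function _consumeTokens(uint256 amount) internal override {
        token.safeTransferFrom(msg.sender, address(this), amount);
    }
}

/// Option 2: _msgSender() on both paths. The payload then names the signer
/// recovered from the ERC-2771 calldata suffix, matching the account debited.
contract MetaTxAdapter is MessagingBase {
    using SafeERC20 for IERC20;

    constructor(address f, IERC20 t) MessagingBase(f, t) {}

    function _payloadOrigin() internal view override returns (address) {
        return _msgSender();
    }

    function _consumeTokens(uint256 amount) internal override {
        token.safeTransferFrom(_msgSender(), address(this), amount);
    }
}
```

When send is invoked through the trusted forwarder, InconsistentAdapter debits the signer recovered from the calldata suffix while CrossChainPayload names the forwarder, which is the exhibit's failure mode. MsgSenderAdapter debits the forwarder itself, so a relayed call reverts unless the forwarder holds and has approved tokens; this is the behaviour the applied fix accepts by dropping meta-transaction support. MetaTxAdapter keeps both paths on _msgSender so payer and origin always agree.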

Alleviation (c5b31e01e4d5cf94e0ef3523780c4aac764127bf):

The code was updated to utilize msg.sender in the OFTAdapterUpgradeableWithCCIP::_ccipConsumeTokens function implementation, ensuring that msg.sender is consistently utilized across the system and thus denoting that meta-transactions are not meant to be supported.