Omniscia Avant Protocol Audit
OFTUpgradeableWithCCIP Manual Review Findings
OFTUpgradeableWithCCIP Manual Review Findings
OFT-01M: Incorrect Integration of Gasless Transactions
| Type | Severity | Location |
|---|---|---|
| Logical Fault |  | OFTUpgradeableWithCCIP.sol:L50 |
Description:
The OFTUpgradeableWithCCIP::_ccipConsumeTokens function indicates that the contract is meant to be compatible with gasless token transactions (i.e. via forwarders), however, the underlying AbstractCCIPMessagingUpgradeable contract implementation relies on the msg.sender rather than a ContextUpgradeable::_msgSender result.
As such, any cross-chain operation will burn tokens from the gasless transaction sender yet will create a cross-chain payload as if it originates from the forwarder.
Impact:
A cross-chain transaction payload that would use a trusted forwarder would result in tokens being burned from the gasless transaction submitter and the actual cross-chain transaction to originate from the forwarder incorrectly.
Example:
48/// @inheritdoc AbstractCCIPMessagingUpgradeable49function _ccipConsumeTokens(uint256 _tokenAmount) internal override {50 _burn(_msgSender(), _tokenAmount);51}Recommendation:
We advise either consistent usage of the ContextUpgradeable::_msgSender to be observed across both implementations, or the OFTAdapterUpgradeableWithCCIP::_ccipConsumeTokens function to utilize the msg.sender, either of which we consider an acceptable alleviation to this exhibit.
Alleviation (c5b31e01e4d5cf94e0ef3523780c4aac764127bf):
The code was updated to utilize the msg.sender in the OFTUpgradeableWithCCIP::_ccipConsumeTokens function implementation, ensuring that the msg.sender is consistently utilized across the system and thus denoting that meta-transactions are not meant to be supported.