I was the auditor that identified and reported a vulnerability in @thirdweb's contracts. Now that the issue is public, I can talk about how it was discovered and how it all went down.
@sherlockdefi StETH is a rebasing token, where users balances tend to increase over time based on ETH staking rewards. Since you are storing a users deposited balance and not its equivalent shares at that time, stETH rewards earned would remain stuck in this contract.
@0xaltyni No, delegate call maintains the same context. msg.sender, msg.value, address(this) and so on are all the same. Delegate call essentially grabs logic from a specified address (in this cases itself) and continues to execute it as if it was part of the called functions bytecode.
7. The underlying cause of this issue--i.e. the interaction between meta transactions and self-delegate/low-level calls--was not properly documented or well known.
@0xaltyni Delegate calls maintain the context of the call. A contract delegate calling to itself does not change the msg.sender to address(this), so that would not resolve the issue. Properly handling the context in these cases when enabling meta transactions is the resolution.
9. The biggest lesson to take away is no matter how widely adopted and trusted contracts are, if they are secure independently, they still may not be secure when used together, no matter how trivial they may seem.
8. Warnings, at the very least, should be added to all meta transaction repositories regarding this interaction, with explicit remarks about its use with multicall functionality, to prevent this situation from occurring again.
I was the auditor that identified and reported a vulnerability in @thirdweb's contracts. Now that the issue is public, I can talk about how it was discovered and how it all went down.
5. I was impressed with their professionalism and commitment to resolving this issue as best as they could for their customers, users, and the community at large.
3. Upon learning about this, I recognized many of thirdwebโs contracts followed the same pattern and were vulnerable. I immediately wrote up a POC and contacted thirdweb, which then started the chain of events leading up to now.
2. This is practically a new attack vector. I came across the vuln while auditing another project; one of @Iosiro_securityโs internal reports listed this critical issue for their own client.
@calyptus_web3 Yes it could be gas optimized and storage writes are unnecessary each time. It will also continue to increment if called again, which breaks the intended spec of having num = the sum of the first 200,000 integers.
@White_Oak_Kong @0xCygaar@SteadyStackNFT If any of these whitelisted addresses are contracts with upgradability, then they could update to have its onERC721Received function preform this exploit. There may well be someone with an upgradable smart contract wallet on that list.