This is a breaking suggestion.
There have been findings associated with malicious execution:
- Gas limits
- DoS
- Reordering
The current implementation does not care who executes a signed transaction. If this becomes a concern, we should consider requiring the Executor to be signed:
```solidity
struct Calls {
    address executor;
    bytes32 mode;
    uint256 nonce;
    ERC7821.Call[] calls;
}
```
With `Calls.executor === 0` indicating free for all. The signature hash could be derived twice:
- Check `msg.sender`
- Check `address(0)`

This allows for a calldata-neutral change, and if signed with `msg.sender` this would remain in line with the current efficiency.
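The two-digest check described above, as an added illustration that is not the project's own code. It assumes a minimal `ERC7821.Call` struct (`to`, `value`, `data`), a single authorised `signer`, a simple `usedNonce` mapping for replay protection, and a digest that also binds `block.chainid` and `address(this)`; all of those are assumptions for the example, not part of the comment. The sender-bound digest is tried first so the signed-for-`msg.sender` path costs one `ecrecover`, and the `address(0)` digest is only computed as a fallback, so the calldata shape does not change between the two cases.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed shape of the batched call; the real ERC-7821 library is not reproduced here.
library ERC7821 {
    struct Call {
        address to;
        uint256 value;
        bytes data;
    }
}

// Example executor-bound batch verifier (illustration, not the project's implementation).
contract ExecutorBoundBatch {
    address public immutable signer;          // assumed single authorised signer
    mapping(uint256 => bool) public usedNonce; // assumed replay protection

    constructor(address signer_) {
        require(signer_ != address(0), "zero signer");
        signer = signer_;
    }

    // Digest over (executor, mode, nonce, calls), domain-bound to chain and contract.
    // executor == address(0) is the "free for all" form; anything else binds the executor.
    function digest(
        address executor,
        bytes32 mode,
        uint256 nonce,
        ERC7821.Call[] calldata calls
    ) public view returns (bytes32) {
        return keccak256(abi.encode(block.chainid, address(this), executor, mode, nonce, calls));
    }

    function execute(
        bytes32 mode,
        uint256 nonce,
        ERC7821.Call[] calldata calls,
        bytes calldata signature
    ) external payable {
        require(!usedNonce[nonce], "nonce used");

        // 1) Check the digest bound to msg.sender: one ecrecover on the common path.
        bool ok = _isValid(digest(msg.sender, mode, nonce, calls), signature);
        // 2) Only if that fails, check the free-for-all digest (executor == address(0)).
        if (!ok) {
            ok = _isValid(digest(address(0), mode, nonce, calls), signature);
        }
        require(ok, "bad signature or executor");

        usedNonce[nonce] = true;

        // mode is only bound into the digest here; batch semantics beyond plain
        // sequential calls are out of scope for this illustration.
        for (uint256 i = 0; i < calls.length; ++i) {
            (bool success, bytes memory ret) = calls[i].to.call{value: calls[i].value}(calls[i].data);
            if (!success) {
                // bubble up the callee's revert data
                assembly {
                    revert(add(ret, 0x20), mload(ret))
                }
            }
        }
    }

    // 65-byte r || s || v signature over a raw 32-byte digest; rejects high-s malleable forms.
    function _isValid(bytes32 h, bytes calldata sig) internal view returns (bool) {
        if (sig.length != 65) return false;
        bytes32 r = bytes32(sig[0:32]);
        bytes32 s = bytes32(sig[32:64]);
        uint8 v = uint8(sig[64]);
        if (v < 27) v += 27;
        if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) return false;
        // ecrecover returns address(0) on failure; signer is guaranteed non-zero.
        return ecrecover(h, v, r, s) == signer;
    }
}
```

A signer who wants to restrict execution to a relayer signs `digest(relayer, mode, nonce, calls)`; a signer who does not care signs `digest(address(0), mode, nonce, calls)`. In both cases the caller submits the same `(mode, nonce, calls, signature)` calldata, and a third party holding a relayer-bound signature fails both checks because neither `msg.sender` nor `address(0)` matches the signed executor.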