Zellic - Audit Reports

Function: `execute(ForwardRequestData calldata request)`

This function executes a metatransaction on behalf of a signer using the ERC-2771 protocol. This function validates the forward request, ensures proper value matching, and delegates execution to the internal _execute function with strict validation requirements.

Inputs

request.from
- Control: Full.
- Constraints: Must match the recovered signer from the signature verification.
- Impact: Prevents signature-replay attacks and ensures only the legitimate signer can execute transactions on their behalf.
request.to
- Control: Full.
- Constraints: Target address must trust this forwarder (checked via _isTrustedByTarget()).
- Impact: Ensures only contracts that explicitly trust this forwarder can receive forwarded calls, preventing unauthorized contract interactions.
request.value
- Control: Full.
- Constraints: Must exactly match msg.value (checked via msg.value != request.value).
- Impact: Ensures the ETH amount sent with the transaction matches the signed request, preventing value-manipulation attacks.
request.gas
- Control: Full.
- Constraints: Validated in _checkForwardedGas() to ensure sufficient gas was forwarded (minimum 1/63 of requested gas).
- Impact: Prevents gas-griefing attacks where relayers provide insufficient gas to cause subcall failures.
request.nonce
- Control: Full.
- Constraints: Must be unique and not previously used (checked via _nonces[nonce] mapping in _verifyAndStoreNonce()).
- Impact: Prevents replay attacks by ensuring each signed request can only be executed once.
request.deadline
- Control: Full.
- Constraints: Must be greater than or equal to the current block timestamp (request.deadline >= block.timestamp).
- Impact: Prevents execution of expired requests, ensuring time-sensitive transactions cannot be delayed indefinitely.
request.data
- Control: Full.
- Constraints: Data is hashed and included in signature verification via keccak256(request.data).
- Impact: Guarantees data integrity by ensuring the executed data matches exactly what was signed by the original signer.
request.signature
- Control: Full.
- Constraints: ECDSA signature verification via _recoverForwardRequestSigner() to recover signer from EIP-712 typed data hash.
- Impact: Ensures the request was actually signed by the claimed signer, preventing unauthorized transaction execution.

Branches and code coverage (including function calls)

Intended branches

Valid request with matching msg.value and request.value passes validation and executes successfully.

Successful execution with trusted forwarder, valid signature, and active deadline.

External call to target contract via target.call{value: value, gas: reqGas}(data) executes successfully.

Negative behavior

msg.value != request.value reverts with ERC2771ForwarderMismatchedValue.

_execute() returns false, causing a revert with Errors.FailedCall().

Nontrusted sender attempting to call the function reverts due to the onlyTrustedSender modifier.

Invalid signature verification fails in _validate() causing ERC2771ForwarderInvalidSigner revert.

Expired deadline (deadline < block.timestamp) causes ERC2771ForwarderExpiredRequest revert.

Target (request.to) not trusting forwarder causes ERC2771UntrustfulTarget revert.

A nonce already used causes NonceAlreadyUsed revert.

Insufficient gas forwarded triggers invalid opcode in _checkForwardedGas().

Function: execute(ForwardRequestData calldata request)

Inputs

Branches and code coverage (including function calls)

Function: `execute(ForwardRequestData calldata request)`