From 96b40d02c3fe836ffa19b6ed9217c3719c996f78 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ernesto=20Garc=C3=ADa?=
Date: Fri, 10 Jan 2025 14:59:14 -0600
Subject: [PATCH] Expose `_isTrustedByTarget` internally in ERC2771Forwarder (#5416)
---
 .changeset/famous-timers-compare.md | 5 +++++
 contracts/metatx/ERC2771Forwarder.sol | 5 ++++-
 2 files changed, 9 insertions(+), 1 deletion(-)
 create mode 100644 .changeset/famous-timers-compare.md
diff --git a/.changeset/famous-timers-compare.md b/.changeset/famous-timers-compare.md
new file mode 100644
index 000000000..2c8d18487
--- /dev/null
+++ b/.changeset/famous-timers-compare.md
@@ -0,0 +1,5 @@
+---
+'openzeppelin-solidity': minor
+---
+
+`ERC2771Forwarder`: Expose the `_isTrustedByTarget` internal function to check whether a target trusts the forwarder.
diff --git a/contracts/metatx/ERC2771Forwarder.sol b/contracts/metatx/ERC2771Forwarder.sol
index 4a069874e..107878a50 100644
--- a/contracts/metatx/ERC2771Forwarder.sol
+++ b/contracts/metatx/ERC2771Forwarder.sol
@@ -302,8 +302,11 @@ contract ERC2771Forwarder is EIP712, Nonces {
 *
 * This function performs a static call to the target contract calling the
 * {ERC2771Context-isTrustedForwarder} function.
+ *
+ * NOTE: Consider the execution of this forwarder is permissionless. Without this check, anyone may transfer assets
+ * that are owned by, or are approved to this forwarder.
 */
- function _isTrustedByTarget(address target) private view returns (bool) {
+ function _isTrustedByTarget(address target) internal view virtual returns (bool) {
 bytes memory encodedParams = abi.encodeCall(ERC2771Context.isTrustedForwarder, (address(this)));

 bool success;
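Review bot: The added NOTE on `_isTrustedByTarget` says why the check matters, but it does not state what an override must preserve now that the function is `internal view virtual`. A derived forwarder can replace the static call entirely, so the doc comment should spell out the contract for overriders, for example `* WARNING: Overrides must return true only for targets that treat this forwarder as trusted; a more permissive override lets any caller act on assets held by or approved to the forwarder.` The opening sentence of the NOTE would also read more clearly as `* NOTE: The execution of this forwarder is permissionless.` The diffstat lists only the changeset and the contract, so the override path appears to ship without a test; a case that calls a derived contract's override through the request-validation path would pin the intended behaviour. The body of `_isTrustedByTarget` continues past the end of this hunk, so the return-data handling was not reviewed here.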