Merge pull request #172 from maticnetwork/spoofing-disclaimer

add disclaimer for spoofing attack
maticnetwork · Dec 8, 2023 · d6c2118 · d6c2118
2 parents ece4e54 + cde8781
commit d6c2118
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 0 deletions.
diff --git a/contracts/common/ContextMixin.sol b/contracts/common/ContextMixin.sol
@@ -1,5 +1,13 @@
 pragma solidity 0.6.6;
 
+/**
+ * @notice DISCLAIMER:
+ * Do not use NativeMetaTransaction and ContextMixin together with OpenZeppelin's "multicall"
+ * nor any other form of self delegatecall!
+ * Risk of address spoofing attacks.
+ * Read more: https://blog.openzeppelin.com/arbitrary-address-spoofing-vulnerability-erc2771context-multicall-public-disclosure
+ */
+
 abstract contract ContextMixin {
     function msgSender()
         internal

diff --git a/contracts/common/NativeMetaTransaction.sol b/contracts/common/NativeMetaTransaction.sol
@@ -1,5 +1,13 @@
 pragma solidity 0.6.6;
 
+/**
+ * @notice DISCLAIMER:
+ * Do not use NativeMetaTransaction and ContextMixin together with OpenZeppelin's "multicall"
+ * nor any other form of self delegatecall!
+ * Risk of address spoofing attacks.
+ * Read more: https://blog.openzeppelin.com/arbitrary-address-spoofing-vulnerability-erc2771context-multicall-public-disclosure
+ */
+
 import {SafeMath} from "@openzeppelin/contracts/math/SafeMath.sol";
 import {EIP712Base} from "./EIP712Base.sol";