H1 - GasReceipt injection using transferData

[PhABC]

by @Agusx1211

[PhABC]

I'm hesitant with this suggested fix, because when one assumes that a malicious dapp can make sign arbitrary transfer data, then the amount of harm they can do goes beyond gas fee reimbursement. For instance, a dapp could make you sell X for tokens Y on Niftyswap and transfer to themselves tokens Y instead of you receiving them.

Imo it should be the users and wallets responsibility to make sure that a user is aware of all the data that is signed such that nothing unintentional is included, where gasReceipt is just one example of things that the users need to verify.

[Agusx1211]

The way I see it, transferData is not expected to be able to manipulate the funds of the users, so any security mechanism designed to protect the user from a malicious dApp (UI, Audit, etc.) may oversee the possibility of some party injecting transferData.

It also should be considered that this injection can also be performed in reverse, meaning that a relayer could pass the gasReceipt as additional transferData, this could have unforeseen consequences that are hard to predict, and it would depend on the receiving contract. Still, it could open the door to attacks in the future.