Reactor Trade

We express our gratitude to the Reactor Trade team for the collaborative engagement that enabled the execution of this Smart Contract Security Assessment.

PledgeSignature is a signature-based payment authorization system that allows users to execute pledges using either native tokens (ETH) or whitelisted ERC20 tokens. The contract acts as a trustless escrow that validates cryptographically signed authorization from off-chain signers before accepting user payments.

The system users should acknowledge all the risks summed up in the risks section of the report

{Finding_Table?columns=title,severity,status&setting.filter.type=Vulnerability}

Documentation quality

• Functional requirements are not provided.

• Technical description is not provided.

Code quality

• The development environment is  not configured.

• Best practice violations.

• Insufficient Gas modeling.

Test coverage

Code coverage of the project is 0%.

• No test suite is provided.

PledgeSignature is a signature-based payment authorization system that allows users to execute pledges using either native tokens (ETH) or whitelisted ERC20 tokens. The contract acts as a trustless escrow that validates cryptographically signed authorization from off-chain signers before accepting user payments.

The system integrates with a Rust backend through event emissions, enabling a hybrid on-chain/off-chain architecture where payment authorizations are generated off-chain but executed and enforced on-chain.

PledgeSignature.sol:

The main contract implementing the pledge authorization system with the following key features:

Core Functionality:

• Signature-based pledges: Users execute pledges by providing a signature from an authorized signer along with payment details

• Multi-token support: Accepts both native tokens (ETH via address(0)) and whitelisted ERC20 tokens

• EIP-712 compliance: Uses typed structured data hashing for secure signature verification

• Replay protection: Implements per-user nonce system to prevent replay attacks

• Token whitelist: Only pre-approved tokens can be used for pledges

Key Parameters:

• EIP-712 Domain:

• • Name: "PledgeSignature"

  • Version: "1"

• Nonce System: Per-user sequential nonces for replay protection

• Default Whitelisted Token Native token (address(0)) is whitelisted by default

Main Functions:

• pledgeWithSignature(): Primary function for executing pledges with signature authorization

• getSignatureHash(): Helper function for off-chain signature generation

• setTokenWhitelist() / setTokenWhitelistBatch(): Manage approved payment tokens

• withdraw(): Admin function to extract accumulated funds

• pause() / unpause(): Emergency circuit breaker functionality

Privileged Roles

The contract implements role-based access control using OpenZeppelin's AccessControl:

DEFAULT_ADMIN_ROLE

The admin role has the most extensive privileges and complete control over the system:

• Grant and revoke all roles including SIGNER_ROLE and TOKEN_MANAGER_ROLE

• Withdraw all accumulated funds (both native and ERC20 tokens) without restrictions

• Pause and unpause the entire contract, halting all pledge operations

• Appointed to contract deployer (msg.sender) at deployment

SIGNER_ROLE

Authorized signers can generate valid signatures for pledge transactions:

• Sign authorization messages that allow users to execute pledges

• Determine pledge parameters (amounts, tokens, deadlines)

• Control which transactions are authorized off-chain

TOKEN_MANAGER_ROLE

Token managers control which tokens are accepted for pledges:

• Add tokens to the whitelist via setTokenWhitelist()

• Remove tokens from the whitelist

• Batch whitelist operations via setTokenWhitelistBatch()

The scope of the project includes the following smart contracts from the provided repository:

Assets in Scope