Post-mortem: Relayer Private Transaction Policy Issue

At 14:21:02 UTC on Feb. 28, 2023, a user contacted OpenZeppelin to report a potential issue with OpenZeppelin Defender. A transaction that was sent using a Defender Relayer with a policy set to private appeared in the public mempool. Throughout the investigation and fix, OpenZeppelin maintained open communications with the affected user.

Investigation

OpenZeppelin received the affected user's communications at 16:10:44 UTC and began an investigation immediately. The investigation found that Defender initially delivered the identified transaction to the Flashbots Protect service. The transaction failed to be mined (it was outbid, based on the gas payment policy set on the Relayer), and after 2 minutes Defender initiated a resubmission process, which is a feature of Defender Relayers. The resubmission, however, failed to maintain transaction privacy because of a bug in the logic tied to the particular set of Relayer policies.

Fix

OpenZeppelin identified the bug, prepared and tested a fix, and deployed the fix to production at 02:09 UTC on Mar. 1, 2023. OpenZeppelin has also added automated testing to protect against any future recurrence.
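
An added example, not OpenZeppelin's code or Defender's implementation: a regression check for the failure described under Investigation, asserting that every attempt, including each resubmission, stays on a private route for every policy combination. The relayer model, the route names and the policy fields (`privateTransactions`, `gasPriceCap`, `eip1559`) are hypothetical.

```javascript
// Added illustration: a hypothetical relayer model, not Defender's code.
const RESUBMIT_AFTER_MS = 2 * 60 * 1000; // the post-mortem cites a 2-minute resubmission delay

// Constructed routes; the names are placeholders.
const ROUTES = {
  private: { name: 'private-relay', visibility: 'private' },
  public: { name: 'public-rpc', visibility: 'public' },
};

// The route is derived from the policy on every attempt, first send or resubmission.
function selectRoute(policy) {
  return policy.privateTransactions ? ROUTES.private : ROUTES.public;
}

// Simulate sends until the transaction is mined or attempts run out.
// Returns the submission log, one entry per attempt.
function relay(policy, minedOnAttempt, maxAttempts = 3) {
  const log = [];
  for (let attempt = 1; attempt <= maxAttempts; attempt++) {
    const route = selectRoute(policy);
    // Fail closed: a private policy must never reach a public route.
    if (policy.privateTransactions && route.visibility !== 'private') {
      throw new Error(`private transaction routed publicly on attempt ${attempt}`);
    }
    log.push({ attempt, atMs: (attempt - 1) * RESUBMIT_AFTER_MS,
               route: route.name, visibility: route.visibility });
    if (attempt === minedOnAttempt) break;
  }
  return log;
}

// Audit a submission log: attempt numbers that exposed a private transaction.
function findLeaks(policy, log) {
  if (!policy.privateTransactions) return [];
  return log.filter((e) => e.visibility !== 'private').map((e) => e.attempt);
}

// Regression sweep over every combination of the hypothetical policy flags,
// with the transaction never mined so that each resubmission is exercised.
function sweepPolicies() {
  const failures = [];
  for (const privateTransactions of [true, false])
    for (const gasPriceCap of [null, 50])
      for (const eip1559 of [true, false]) {
        const policy = { privateTransactions, gasPriceCap, eip1559 };
        const leaks = findLeaks(policy, relay(policy, Infinity));
        if (leaks.length > 0) failures.push({ policy, leaks });
      }
  return failures;
}
```

`findLeaks` can also be run over recorded submission logs, which is the kind of review of prior transactions described under Impact.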

Impact

OpenZeppelin has reviewed all prior transactions sent using the Defender Relayers private transaction policy. One instance of the same situation was discovered in one prior user transaction, and OpenZeppelin confirmed that the affected user was aware. According to all evidence reviewed, no other users of Defender Relayers private transaction policies have been affected.