From bcb02ffb28a45a61fb713de25230e958b201fd47 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ernesto=20Garc=C3=ADa?= <ernestognw@gmail.com>
Date: Mon, 6 Jan 2025 10:11:24 -0600
Subject: [PATCH 1/2] Expose  internally in ERC2771Forwarder

---
 .changeset/famous-timers-compare.md   | 5 +++++
 contracts/metatx/ERC2771Forwarder.sol | 6 +++++-
 2 files changed, 10 insertions(+), 1 deletion(-)
 create mode 100644 .changeset/famous-timers-compare.md

diff --git a/.changeset/famous-timers-compare.md b/.changeset/famous-timers-compare.md
new file mode 100644
index 00000000000..2c8d184870b
--- /dev/null
+++ b/.changeset/famous-timers-compare.md
@@ -0,0 +1,5 @@
+---
+'openzeppelin-solidity': minor
+---
+
+`ERC2771Forwarder`: Expose the `_isTrustedByTarget` internal function to check whether a target trusts the forwarder.
diff --git a/contracts/metatx/ERC2771Forwarder.sol b/contracts/metatx/ERC2771Forwarder.sol
index 4a069874ecb..4d188488874 100644
--- a/contracts/metatx/ERC2771Forwarder.sol
+++ b/contracts/metatx/ERC2771Forwarder.sol
@@ -302,8 +302,12 @@ contract ERC2771Forwarder is EIP712, Nonces {
      *
      * This function performs a static call to the target contract calling the
      * {ERC2771Context-isTrustedForwarder} function.
+     *
+     * NOTE: Consider the execution of this forwarder is permissionless. Without
+     * this check, users may approve token spending to this contract allowing
+     * any relayer to transfer their tokens.
      */
-    function _isTrustedByTarget(address target) private view returns (bool) {
+    function _isTrustedByTarget(address target) internal view virtual returns (bool) {
         bytes memory encodedParams = abi.encodeCall(ERC2771Context.isTrustedForwarder, (address(this)));
 
         bool success;

From 93bc05a3652c98c1eb90f60e26f025b5107efe50 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ernesto=20Garc=C3=ADa?= <ernestognw@gmail.com>
Date: Thu, 9 Jan 2025 20:00:25 -0600
Subject: [PATCH 2/2] Update contracts/metatx/ERC2771Forwarder.sol

Co-authored-by: Hadrien Croubois <hadrien.croubois@gmail.com>
---
 contracts/metatx/ERC2771Forwarder.sol | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/contracts/metatx/ERC2771Forwarder.sol b/contracts/metatx/ERC2771Forwarder.sol
index 4d188488874..107878a50a1 100644
--- a/contracts/metatx/ERC2771Forwarder.sol
+++ b/contracts/metatx/ERC2771Forwarder.sol
@@ -303,9 +303,8 @@ contract ERC2771Forwarder is EIP712, Nonces {
      * This function performs a static call to the target contract calling the
      * {ERC2771Context-isTrustedForwarder} function.
      *
-     * NOTE: Consider the execution of this forwarder is permissionless. Without
-     * this check, users may approve token spending to this contract allowing
-     * any relayer to transfer their tokens.
+     * NOTE: Consider the execution of this forwarder is permissionless. Without this check, anyone may transfer assets
+     * that are owned by, or are approved to this forwarder.
      */
     function _isTrustedByTarget(address target) internal view virtual returns (bool) {
         bytes memory encodedParams = abi.encodeCall(ERC2771Context.isTrustedForwarder, (address(this)));