5 matches found
CVE-2025-46834
Alchemy's Modular Account is a smart contract account that is compatible with ERC-4337 and ERC-6900. In versions on the 2.x branch prior to commit 5e6f540d249afcaeaf76ab95517d0359fde883b0, owners of Modular Accounts can grant session keys scoped external keys to external parties and would use the...
CVE-2025-46834 Alchemy's Modular Account can use executeUserOp to bypass allowlist prevalidation hook
Alchemy's Modular Account is a smart contract account that is compatible with ERC-4337 and ERC-6900. In versions on the 2.x branch prior to commit 5e6f540d249afcaeaf76ab95517d0359fde883b0, owners of Modular Accounts can grant session keys scoped external keys to external parties and would use the...
CVE-2025-46834
Summary: CVE-2025-46834 concerns Alchemy’s Modular Account (2.x branch) prior to commit 5e6f540d249afcaeaf76ab95517d0359fde883b0, where the allowlist module fails to check the path from executeUserOp to execute or executeBatch. This gap permits any session key to bypass access controls and access...
CVE-2025-46834 Alchemy's Modular Account can use executeUserOp to bypass allowlist prevalidation hook
Alchemy's Modular Account is a smart contract account that is compatible with ERC-4337 and ERC-6900. In versions on the 2.x branch prior to commit 5e6f540d249afcaeaf76ab95517d0359fde883b0, owners of Modular Accounts can grant session keys scoped external keys to external parties and would use the...
PT-2025-21362 · Unknown · Modular Account De Alchemy
Name of the Vulnerable Software and Affected Versions: Modular Account de Alchemy versions prior to commit 5e6f540d249afcaeaf76ab95517d0359fde883b0 Description: The issue concerns a bug in the allowlist module of Modular Account de Alchemy, which is compatible with ERC-4337 and ERC-6900. This bug...