10190 matches found
SmartAccountFactory.sol - Account can be created for an owner and setting any entryPoint
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept The entrypoint is being set in the initargs... function of SmartAccount.sol. The problem is that the malicious users could create wallets for legitimate owners of wallets and set the...
Proxy creation isn't checked in deployWallet function of SmartAccountFactory contract
Lines of code Vulnerability details The deployWallet function present in the SmartAccountFactory contract deploys a new wallet by creating a Proxy that points to a base implementation using assembly. function deployWallet(address owner, address entryPoint, address handler) public returns(address pro...
Unpreparedness for upgrades contracts that SmartAccount inherits
Lines of code Vulnerability details Description The SmartAccount contract inherits many contracts, some of which have their own storage management logic. In case of an upgrade, adding new storage variables to the inherited contracts will collapse the storage layout. This will create an inconvenien...
Non upgradeable version being used
Lines of code Vulnerability details Impact Based on the context and comments in the code, the SimpleAccount.sol and SmartAccount.sol contract is designed to be deployed as an upgradeable proxy contract. However, the current implementation is using a non-upgradeable version of the Initializable...
Bypass depositFor Contract Check
Lines of code Vulnerability details Validation will pass for a contract in construction; an address where a contract will be created; an address where a contract lived, but was destroyed.
SmartAccount authorization can be bypassed using a contract signature
Lines of code Vulnerability details SmartAccount authorization can be bypassed using a contract signature The SmartAccount wallet supports contract signatures defined by EIP1271, similar to how Gnosis Safe does. Transactions to the wallet can be authorized by a contract that implements the...
Signature Replay Attack when EntryPoint contract is changed
Lines of code Vulnerability details Signature Replay Attack when EntryPoint contract is changed Impact User operations can be replayed on smart accounts once the EntryPoint is changed. This can lead to users losing funds or any unexpected behaviour that transaction replay attacks usually lead t...
Frontrunning of smart wallet deployment
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. An attacker could obtain information about the owner and 'index' parameters to front-run the deployment of a smart wallet. Proof of Concept Provide direct links to all referenced code in GitHub. Add...
validateUserOp does not check if missingAccountFunds matches the signature
Lines of code Vulnerability details validateUserOp function does not check to see if missingAccountFunds uint256 matches the signature or not. This can be abused if an attacker front-runs the tx and calls validateUserOp in entrypoint using the same sig but with a different missingaccountfunds number...
Griefing attacks on handleOps and multiSend logic
Lines of code Vulnerability details Description The handleOps function executes an array of UserOperation. If at least one user operation fails the whole transaction will revert. That means the error on one user op will fully revert the other executed ops. The multiSend function reverts if at...
Lack of owner verification in EIP-1271 signature check
Lines of code Vulnerability details Description In the checkSignatures there are checks that the signer is the account owner, but in the case of EIP-1271 signature check there are no such checks: // If v is 0 then it is a contract signature // When handling contract signatures the address of the...
Replay attack on different batchId
Lines of code Vulnerability details Description The execTransaction function includes an input parameter called batchId that is used to determine the nonce which is included in the data signed by the owner. However, batchId is not part of the signed data. This allows any third party to replay a...
Bypass SmartAccount handlePayment
Lines of code Vulnerability details Payment can be small/zero due to rounding down if tokenGasPriceFactor is sufficiently large and function won't revert on zero transfer. Validate tokenGasPriceFactor.
An attacker can create a smart contract wallet with a malicious config and the address that the user expects his smart contract to have
Lines of code Vulnerability details Issue A deployCounterFactualWallet function in the SmartAccountFactory.sol uses create2 command to deploy a smart contract wallet with the address that can be computed before a transaction. A problem with the function is that it doesn't include the config...
Incorrect management of requested gas amount in EIP-4337 logic
Lines of code Vulnerability details Description According to the EIP-150 call can consume at most 63/64 of parent calls' gas. That means that it is possible to manipulate the gas amount to be passed into calls mentioned in the "Links to affected code" section. Specifically, if the amount of gas...
when the 'v' value from a signature is 0, checkSignatures function can be tricked
Lines of code Vulnerability details Impact when the v value of a signature is = 0, the 'checkSignatures' in entryPoint function doesn't check if the signer is the owner of the wallet and assumes that it is from a contract, a malicious party could craft a signature with the v value = 0, and...
Front-running "deployCounterFactualWallet"
Lines of code Vulnerability details Description The deployCounterFactualWallet function deploys a smart wallet using the create2 function with a salt value that depends on the owner and index parameters. However, the address derivation for the deployed wallet does not depend on the entryPoint and...
Attacker can take control over each SmartAccount proxy and steal all users' funds
Lines of code Vulnerability details Attacker can take control over each SmartAccount proxy and steal all users' funds Impact All users' funds can be stolen by a single attacker tx gas cost only Proof of Concept There are 2 main reasons for this vulnerability: The .checkSignatures in...
The isContract function in LibAddress that uses EXTCODESIZE can be vulnerable to the "Contract Creation Code Execution" attack
Lines of code Vulnerability details Impact It will allow the attacker to potentially execute malicious code in the implementation contract at Proof of Concept contract Victim { function isContract(address account) public view returns (bool) { uint32 csize; assembly { size := extcodesize(account) } return csize ...
_validateSignature should not revert on invalid signature (EIP-4337)
Lines of code Vulnerability details Impact Results in unexpected behavior in the EntryPoint contract. Proof of Concept As said in the official specification of EIP-4337: "If the account does not support signature aggregation, it MUST validate the signature is a valid signature of the userOpHash,...
SmartAccount wallet creation can be backdoored
Lines of code Vulnerability details At wallet creation time, an attacker can temporarily swap the address of the entrypoint to install a backdoor in the form of a registered module in the wallet. Since wallets don't necessarily need to be created by their owners, an attacker can frontrun the wall...
SmartAccount implementation contract can be destroyed by anyone
Lines of code Vulnerability details SmartAccount implementation contract can be destroyed by anyone Impact Locking all users' funds forever due to DoS for all functions. Proof of Concept There are 2 main reasons for this vulnerability: 1. The expected behaviour of interacting with the...
Unsigned tokenGasPriceFactor parameter
Lines of code Vulnerability details Description For the calculation of the amount of the token to be paid to the relayer tokenGasPriceFactor value is used. The corresponding logic is the following: payment = (gasUsed + baseGas) * gasPrice / tokenGasPriceFactor; require(transferToken(gasToken, receiver,...
Uninitialized or front-runnable .init function in proxy implementation contract
Lines of code Vulnerability details Uninitialized or front-runnable .init function in proxy implementation contract Impact DoS for all users' smart account proxies leading to locked funds forever. Proof of Concept Nowhere in the code the SmartAccount.sol implementation contract is initialized by...
Lack of Zero Address Signer Validation
Lines of code Vulnerability details Signer should be checked to not equal the zero address otherwise an invalid signature could pass validation.
Relayers can steal extra fees from smart contract wallets on every transaction
Lines of code Vulnerability details Impact Relayers can take signed transactions and append zeroes to the signature parameter to artificially increase the gas cost and startGas estimation. This causes additional cost for the signer and increases the relayer's reimbursement. The cost/reimbursement...
[Medium-2] Sponsored transactions can be abused for profit
Lines of code Vulnerability details Impact When a user executes a transaction with their SmartAccount, the function execTransaction can be used. In some cases, some protocols want to get promoted and will sponsorize users of the abstract wallet transactions by refunding them back their gas usage ...
Users can accidentally lock their stakes forever
Lines of code Vulnerability details Impact StakeManager accepts user deposits and stakes. When adding a new stake, it allows the arbitrary value of unstakeDelaySec supposedly it is higher than previous info.unstakeDelaySec: function addStake(uint32 unstakeDelaySec) public payable { DepositInfo storag...
SmartAccount implementation contract can be destroyed by owner
Lines of code Vulnerability details SmartAccount implementation contract can be destroyed by owner Impact Locking users' funds forever due to DoS for all deployed smart account proxies. Neither implementation upgrade will be possible nor withdrawing funds. Proof of Concept The expected behaviour ...
Attacker can gain control of counterfactual wallet
Lines of code Vulnerability details A counterfactual wallet can be used by pre-generating its address using the SmartAccountFactory.getAddressForCounterfactualWallet function. This address can then be securely used for example, sending funds to this address knowing in advance that the user will...
Wrong decoding of paymaster data makes validatePaymasterUserOp always fail, DoS
Lines of code Vulnerability details Impact DoS of validatePaymasterUserOp makes UserOperation's with paymaster not executable Proof of Concept . decodePaymasterData on line 102 in VerifyingSingletonPaymaster.validatePaymasterUserOp returns wrong data and makes function always fail due to the...
Failed transactions may lead to fund loss via replay attacks
Lines of code Vulnerability details Impact Failed transactions inside executeTransaction will revert and make the nonces remain intact. Thus a replay attack with signature arguments is possible. Proof of Concept One can make replay attacks with the reverted executeTransaction function and reprodu...
Destruction of the SmartAccount implementation
Lines of code Vulnerability details Description If the SmartAccount implementation contract is not initialized, it can be destroyed using the following attack scenario: Initialize the SmartAccount implementation contract using the init function. Execute a transaction that contains a single...
Frontrunning deployCounterFactualWallet
Lines of code Vulnerability details entryPoint and handler are not included in the salt, so a front-running attack could be possible for the same owner and index same counterfactual address with malicious entryPoint and handler DoS/freeze funds only entryPoint can be updated, not handler. Add to...
Unsafe Storage Layout
Lines of code Vulnerability details Potentially lead to storage collision and cause the account to be re-initialized or have ownership transferred. Use upgradeable DiamondStorage for all inherited contracts.
Denial of service in SmartAccountFactory
Lines of code Vulnerability details Impact The salt used for create2 does not include information from the init method, so it is vulnerable to front-running. Proof of Concept it's impossible to override an existing contract in Ethereum. From EIP-684: If a contract creation is attempted, due to...
Calling execute() and executeBatch() functions in SmartAccount.sol from the EntryPoint will fail
Lines of code Vulnerability details Impact The function requireFromEntryPointOrOwner is being called within the execute and executeBatch functions to check if the msg.sender is either the owner or the EntryPoint contract, but these functions have onlyOwner modifier, which will only allow the owne...
Upgraded Q -> M from #216 [1673172689834]
Judge has assessed an item in Issue 216 as M risk. The relevant finding follows: Last collateral check is not safe
Upgraded Q -> M from #173 [1673098404536]
Judge has assessed an item in Issue 173 as M risk. The relevant finding follows: L-03 - Depreciating-soon selfdestruct is used to transfer funds to seller after sale ends.
Upgraded Q -> M from #22 [1673008163388]
Judge has assessed an item in Issue 22 as M risk. The relevant finding follows: L-01 ERC721Vestable.setVestingStart should check newVestingStartvestingEnd. function setVestingStartuint256 newVestingStart internal virtual //@Audit requirevestingEnd newVestingStart, "End must be greater than start"...
Upgraded Q -> M from #187 [1673006043496]
Judge has assessed an item in Issue 187 as M risk. The relevant finding follows: L‑02 EthereumToArbitrumRelayer.processCalls does not check msg.sender is a contract The Arbitrum relay processCalls is intended to be called by EOA, as specified in the docs: Arbitrum requires an EOA to submit a brid...
Upgraded Q -> M from #3 [1673008410396]
Judge has assessed an item in Issue 3 as M risk. The relevant finding follows: MAXSUPPLY of RuniverseLand could be reached before RuniverseLandMinter mints all tokens because of secondary minter RuniverseLand has a MAXSUPPLY of 70000, which is also the sum of all plotsAvailablePerSize within...
Upgraded Q -> M from #172 [1673039408650]
Judge has assessed an item in Issue 172 as M risk. The relevant finding follows: L-02
Upgraded Q -> M from #22 [1673008228404]
Judge has assessed an item in Issue 22 as M risk. The relevant finding follows: L-02 RuniverseLandMinter.ownerMintUsingTokenId doesn't check if tokenId and plotSize are matched. function ownerMintUsingTokenId(IRuniverseLand.PlotSize plotSize, uint256 tokenId, address recipient) public onlyOwner...
JIT (JUST-IN-TIME) LIQUIDITY OPPORTUNITIES EXIST FOR USERS
Lines of code Vulnerability details Impact The MEV opportunity created robs the honest users who deposit before the start of a reward cycle. Leading to loss of rewards for said users. Proof of Concept A user deposits AVAX into tokenggAVAX.sol and in return gets an lp token to represent their...
First TokenggAVAX deposit exploit can break share calculation
Lines of code Vulnerability details convertToShares function follows the formula: return supply == 0 ? assets : assets.mulDivDown(supply, totalAssets()); The share price always returns 1:1 with asset token. If everything works normally, share price will slowly increase with time to 1:2 or 1:10 as more...
EXTERNAL CALL TO UNTRUSTED PARTIES
Lines of code Vulnerability details Impact Functions in this contract or inherited functions can be reentered. Proof of Concept In Vault.sol the withdrawAVAX and redeemAVAX functions make an external call to the msg.sender by way of safeTransferETH. This allows the caller to reenter this and othe...
[NAZ-M2] First ERC4626Upgradeable Deposit Exploit Can Break Share Calculation
Lines of code Vulnerability details Impact ERC4626Upgradeable is an upgradeable version of Solmate's ERC4626 Token. Solmate's convertToShares function follows the formula: assetDepositAmount * totalShareSupply / assetBalanceBeforeDeposit. The share price always returns 1:1 with asset token. If...
PROTOCOL MIGHT NOT BE ABLE TO OPERATE DUE TO LACK OF FUNDS
Lines of code Vulnerability details Impact Redeem/withdraw functionality will fail under certain conditions and users who want to redeem/withdraw their AVAX will not be able to. Proof of Concept Users stake their AVAX and in return get ggAVAX. The AVAX provided by the users is then staked by the...
MinipoolManager.sol : createMinipool does not check the owner of node when overwriting
Lines of code Vulnerability details Impact owner will be deprived from picking the node id which they already used. when natspec says // If nodeID exists, only allow overwriting if node is finished or canceled The pools that are marked as Withdrawable and Error are also used to overwrite the node ...