c4-judge
commented
1 year ago gzeon-c4 marked the issue as duplicate of #370
Open code423n4 opened 1 year ago
c4-judge
commented
1 year ago gzeon-c4 marked the issue as duplicate of #370
c4-sponsor
commented
1 year ago livingrockrises marked the issue as sponsor confirmed
livingrockrises
commented
1 year ago this should be a seperate primary issue
c4-sponsor
commented
1 year ago livingrockrises requested judge review
c4-judge
commented
1 year ago gzeon-c4 marked the issue as selected for report
gzeon-c4
commented
1 year ago Selected as best as this issue also mention the wrong function signature.
c4-judge
commented
1 year ago gzeon-c4 marked the issue as satisfactory
Lines of code
https://github.com/code-423n4/2023-01-biconomy/blob/main/scw-contracts/contracts/smart-contract-wallet/interfaces/ISignatureValidator.sol#L6 https://github.com/code-423n4/2023-01-biconomy/blob/main/scw-contracts/contracts/smart-contract-wallet/interfaces/ISignatureValidator.sol#L19 https://github.com/code-423n4/2023-01-biconomy/blob/main/scw-contracts/contracts/smart-contract-wallet/SmartAccount.sol#L342
Vulnerability details
Impact
As Per EIP-1271 standard
ERC1271_MAGIC_VAULEshould be0x1626ba7einstead of0x20c13b0band function name should beisValidSignature(bytes32,bytes)instead ofisValidSignature(bytes,bytes). Due to this, signature verifier contract go fallback function and return unexpected value and never returnERC1271_MAGIC_VALUEand always revertexecTransactionfunction.Proof of Concept
https://github.com/code-423n4/2023-01-biconomy/blob/main/scw-contracts/contracts/smart-contract-wallet/interfaces/ISignatureValidator.sol#L6
https://github.com/code-423n4/2023-01-biconomy/blob/main/scw-contracts/contracts/smart-contract-wallet/interfaces/ISignatureValidator.sol#L19
https://github.com/code-423n4/2023-01-biconomy/blob/main/scw-contracts/contracts/smart-contract-wallet/SmartAccount.sol#L342
Tools Used
Manual Review
Recommended Mitigation Steps
Follow EIP-1271 standard.