Closed code423n4 closed 1 year ago
gzeon-c4 marked the issue as primary issue
livingrockrises marked the issue as sponsor disputed
First 20 bytes of paymasterAndData is the paymasterAddress! Then starts the paymasterId packed with signature!
gzeon-c4 marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2023-01-biconomy/blob/main/scw-contracts/contracts/smart-contract-wallet/paymasters/verifying/singleton/VerifyingSingletonPaymaster.sol#L102
Vulnerability details
Impact
DoS of validatePaymasterUserOp makes UserOperations with paymaster not executable
Proof of Concept
`.decodePaymasterData` on line 102 in VerifyingSingletonPaymaster.validatePaymasterUserOp returns wrong data and makes the function always fail due to the following checks. This means that UserOperations with paymaster are not executable, as they will always fail validation from the paymaster.
The problem is that `.decodePaymasterData` in PaymasterHelpers.sol on line 36 cuts the first 20 bytes from the paymasterAndData where the paymasterId is actually located and returns wrong values for (address paymasterId, bytes memory signature)
Tools Used
Manual review
Recommended Mitigation Steps
Fix decoding in PaymasterHelpers.decodePaymasterData
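The byte layout described in the sponsor's comment, as an added example that is not part of the original issue or the project's code. It assumes the bytes after the 20-byte paymaster address are the standard ABI encoding of `(address paymasterId, bytes signature)`; the function names and sample values are constructed for illustration.

```python
ADDR_LEN, WORD = 20, 32

def abi_encode_address_bytes(addr: bytes, data: bytes) -> bytes:
    """ABI-encode (address, bytes): two head words, then length + padded data."""
    if len(addr) != ADDR_LEN:
        raise ValueError("address must be 20 bytes")
    head = addr.rjust(WORD, b"\x00") + (2 * WORD).to_bytes(WORD, "big")
    padded = data + b"\x00" * (-len(data) % WORD)
    return head + len(data).to_bytes(WORD, "big") + padded

def abi_decode_address_bytes(blob: bytes):
    """Strict decode of (address, bytes); rejects dirty padding and bad offsets."""
    if len(blob) < 3 * WORD:
        raise ValueError("blob too short for (address, bytes)")
    if any(blob[:WORD - ADDR_LEN]):
        raise ValueError("address word has non-zero high bytes")
    addr = blob[WORD - ADDR_LEN:WORD]
    offset = int.from_bytes(blob[WORD:2 * WORD], "big")
    if offset + WORD > len(blob):
        raise ValueError("bytes offset out of range")
    length = int.from_bytes(blob[offset:offset + WORD], "big")
    start = offset + WORD
    if start + length > len(blob):
        raise ValueError("bytes length out of range")
    return addr, blob[start:start + length]

def decode_paymaster_and_data(pad: bytes):
    """Split paymasterAndData into (paymaster, paymasterId, signature)."""
    if len(pad) < ADDR_LEN:
        raise ValueError("paymasterAndData shorter than an address")
    paymaster = pad[:ADDR_LEN]  # first 20 bytes: the paymaster contract address
    paymaster_id, signature = abi_decode_address_bytes(pad[ADDR_LEN:])
    return paymaster, paymaster_id, signature

# Constructed sample values (not taken from any real transaction).
PAYMASTER = bytes.fromhex("11" * 20)
PAYMASTER_ID = bytes.fromhex("22" * 20)
SIGNATURE = bytes.fromhex("ab" * 65)
SAMPLE = PAYMASTER + abi_encode_address_bytes(PAYMASTER_ID, SIGNATURE)

if __name__ == "__main__":
    pm, pid, sig = decode_paymaster_and_data(SAMPLE)
    print("paymaster  :", pm.hex())
    print("paymasterId:", pid.hex())
    print("signature  :", len(sig), "bytes")
    try:
        abi_decode_address_bytes(SAMPLE)  # decoding without skipping the prefix
    except ValueError as exc:
        print("decode from offset 0 fails:", exc)
```

Under this layout, skipping the 20-byte prefix yields the expected paymasterId and signature, while decoding from offset 0 misreads the paymaster address as the first ABI word.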