code-423n4 2023-01-biconomy-findings issues

code-423n4 / 2023-01-biconomy-findings

12 stars 10 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Upgraded Q -> 2 from #362 [1676219107265]

#549 c4-judge closed 1 year ago
2
Upgraded Q -> 2 from #308 [1676219092947]

#548 c4-judge closed 1 year ago
2
Upgraded Q -> 2 from #353 [1676219078358]

#547 c4-judge closed 1 year ago
2
Upgraded Q -> 2 from #59 [1676219064442]

#546 c4-judge closed 1 year ago
2
Upgraded Q -> 2 from #157 [1676219053268]

#545 c4-judge closed 1 year ago
2
Upgraded Q -> 2 from #525 [1676219014177]

#544 c4-judge closed 1 year ago
2
Upgraded Q -> 2 from #533 [1676218902616]

#543 c4-judge closed 1 year ago
2
Upgraded Q -> 2 from #504 [1676216850158]

#542 c4-judge closed 1 year ago
3
Non upgradeable version being used

#540 code423n4 closed 1 year ago
4
Gas Optimizations

#539 code423n4 closed 1 year ago
7
Gas Optimizations

#538 code423n4 closed 1 year ago
3
Gas Optimizations

#537 code423n4 closed 1 year ago
2
SmartAccountFactory.sol - Account can be created for an owner and setting any entryPoint

#536 code423n4 closed 1 year ago
9
Relayers can steal extra fees from smart contract wallets on every transaction

#535 code423n4 closed 1 year ago
13
Gas Optimizations

#534 code423n4 closed 1 year ago
2
QA Report

#533 code423n4 opened 1 year ago
2
QA Report

#532 code423n4 closed 1 year ago
2
Wrong decoding of paymaster data makes validatePaymasterUserOp always fail, DoS

#531 code423n4 closed 1 year ago
4
validateUserOp does not check if missingAccountFunds matchs the signature

#530 code423n4 closed 1 year ago
4
Gas Optimizations

#529 code423n4 opened 1 year ago
2
QA Report

#528 code423n4 closed 1 year ago
3
QA Report

#527 code423n4 opened 1 year ago
3
Gas Optimizations

#526 code423n4 closed 1 year ago
2
QA Report

#525 code423n4 closed 1 year ago
2
Unsafe Storage Layout

#524 code423n4 closed 1 year ago
2
Bypass SmartAccount `handlePayment`

#523 code423n4 closed 1 year ago
2
Frontrunning `deployCounterFactualWallet`

#522 code423n4 closed 1 year ago
5
QA Report

#521 code423n4 closed 1 year ago
3
Bypass `depositFor` Contract Check

#520 code423n4 closed 1 year ago
2
Lack of Zero Address Signer Validation

#519 code423n4 closed 1 year ago
3
Frontrunning of smart wallet deployment

#518 code423n4 closed 1 year ago
7
Proxy creation isn't check in `deployWallet` function of `SmartAccountFactory` contract

#517 code423n4 closed 1 year ago
6
_validateSignature should not revert on invalid signature (EIP-4337)

#516 code423n4 closed 1 year ago
5
QA Report

#515 code423n4 opened 1 year ago
3
Failed transactions may lead to fund loss via replay attacks

#514 code423n4 closed 1 year ago
2
Incorrect management of requested gas amount in EIP-4337 logic

#513 code423n4 closed 1 year ago
3
QA Report

#512 code423n4 closed 1 year ago
1
handleAggregatedOps() does not handle non-atomic transactions which results in whole function revert if one transaction does not go through

#511 code423n4 closed 1 year ago
3
The isContract function in LibAddress that uses EXTCODESIZE can be vulnerable to the "Contract Creation Code Execution" attack

#510 code423n4 closed 1 year ago
1
QA Report

#509 code423n4 closed 1 year ago
1
Front-running of the relayers transaction

#508 code423n4 closed 1 year ago
3
QA Report

#507 code423n4 opened 1 year ago
2
Gas Optimizations

#506 code423n4 closed 1 year ago
1
QA Report

#505 code423n4 opened 1 year ago
2
Incorrect signature check in the `validatePaymasterUserOp` function

#504 code423n4 closed 1 year ago
14
Gas Optimizations

#503 code423n4 opened 1 year ago
2
Users can accidentally lock their stakes forever

#502 code423n4 closed 1 year ago
1
Unpreparedness for upgrades contracts that `SmartAccount` inherits

#501 code423n4 closed 1 year ago
3
QA Report

#500 code423n4 closed 1 year ago
1
Griefing attacks on `handleOps` and `multiSend` logic

#499 code423n4 opened 1 year ago
6