code-423n4 2023-01-biconomy-findings issues

code-423n4 / 2023-01-biconomy-findings

12 stars 10 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

[Medium-3] Non-compliance with EIP-4337

#498 code423n4 opened 1 year ago
5
One-step ownership change is vulnerable

#497 code423n4 closed 1 year ago
2
Destruction of the `SmartAccount` implementation

#496 code423n4 opened 1 year ago
7
Calling execute() and executeBatch() functions in SmartAccount.sol from the EntryPoint will fail

#495 code423n4 closed 1 year ago
3
QA Report

#494 code423n4 closed 1 year ago
1
Gas Optimizations

#493 code423n4 closed 1 year ago
1
Unsigned `tokenGasPriceFactor` parameter

#492 code423n4 closed 1 year ago
5
Uninialized or front-runnable `.init` function in proxy implementation contract

#491 code423n4 closed 1 year ago
3
[Medium-2] Sponsored transactions can be abused for profit

#490 code423n4 closed 1 year ago
9
Theft of funds under relaying the transaction

#489 code423n4 opened 1 year ago
7
Loss of funds if mistakenly sent to the implementation contract

#488 code423n4 closed 1 year ago
1
[Medium-1] The AccountTx type hash is wrong and will not enable clients to encode their signatures properly

#487 code423n4 closed 1 year ago
11
Lack of owner verification in EIP-1271 signature check

#486 code423n4 closed 1 year ago
4
Replay attack on different batchId

#485 code423n4 closed 1 year ago
10
THE ETHEREUM WILL GET LOCKED IN THE CONTRACT IF THE EXTERNAL CALL FUNCTION REVERTS DUE TO REQUIRE FUNCTION FAILURE

#484 code423n4 closed 1 year ago
5
QA Report

#483 code423n4 closed 1 year ago
1
Front-running "deployCounterFactualWallet"

#482 code423n4 closed 1 year ago
3
Ability to bypass the despositFor() function's check and to set the PaymasterId to the address of a smart contract

#481 code423n4 closed 1 year ago
3
QA Report

#480 code423n4 closed 1 year ago
1
QA Report

#479 code423n4 closed 1 year ago
1
IEntryPoint is used in SmartAccount contract but not imported

#478 code423n4 closed 1 year ago
1
Attacker can take control over each SmartAccount proxy and steal all users' funds

#477 code423n4 closed 1 year ago
3
SmartAccount implementation contract can be destroyed by anyone

#476 code423n4 closed 1 year ago
3
Gas Optimizations

#475 code423n4 closed 1 year ago
1
SmartAccount implementation contract can be destroyed by owner

#474 code423n4 closed 1 year ago
5
THE DOMAINSEPERATOR CANNOT BE RECALCULATED AFTER A HARD FORK HAPPENS

#473 code423n4 closed 1 year ago
1
Signature Replay attack on re-created smart accounts

#472 code423n4 opened 1 year ago
8
The owner's address is not declared as payable

#471 code423n4 closed 1 year ago
5
when the 'v' value from a signature is 0, checkSignatures function can be tricked

#470 code423n4 closed 1 year ago
3
Signature Replay Attack when EntryPoint contract is changed

#469 code423n4 closed 1 year ago
5
```execute()``` and its related functions revert for ```msg.value```> 0

#468 code423n4 closed 1 year ago
4
LOW LEVEL CALL RETURNS TRUE IF THE ADDRESS DOESN’T EXIST

#467 code423n4 closed 1 year ago
1
Cross-Chain Signature Replay Attack

#466 code423n4 opened 1 year ago
7
QA Report

#465 code423n4 opened 1 year ago
2
Deny of service in `SmartAccountFactory`

#464 code423n4 closed 1 year ago
4
QA Report

#463 code423n4 closed 1 year ago
1
QA Report

#462 code423n4 closed 1 year ago
1
QA Report

#461 code423n4 closed 1 year ago
1
Attacker can gain control of counterfactual wallet

#460 code423n4 opened 1 year ago
5
Gas Optimizations

#459 code423n4 closed 1 year ago
1
SmartAccount wallet creation can be backdoored

#458 code423n4 closed 1 year ago
3
Gas Optimizations

#457 code423n4 closed 1 year ago
1
An attacker can create a smart contract wallet with a malicious config and the address that the user expects his smart contract to have

#456 code423n4 closed 1 year ago
3
SmartAccount Inherits from Initializable but the Initializable contract is not imported from openzepplin

#455 code423n4 closed 1 year ago
1
THE PROTOCOL HEAVILY DEPENDS ON ADMIN ACTIONS, HENCE SINGLE-STEP OWNERSHIP TRANSFER IS DANGEROUS

#454 code423n4 closed 1 year ago
3
Allows malleable `SECP256K1` signatures

#453 code423n4 closed 1 year ago
3
Incorrect Uint Type Might Result In Wrong(Or Loss) Stake Value

#452 code423n4 closed 1 year ago
1
SmartAccount.sol Inherit from ISignatureValidatorConstants instead of ISignatureValidator

#451 code423n4 closed 1 year ago
1
QA Report

#450 code423n4 opened 1 year ago
2
SmartAccount authorization can be bypassed using a contract signature

#449 code423n4 closed 1 year ago
3

Previous Next