code-423n4 2023-01-biconomy-findings issues

code-423n4 / 2023-01-biconomy-findings

7 stars 9 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Gas Optimizations

#448 code423n4 opened 1 year ago
2
`tokenGasPriceFactor` in `FeeRefund` struct can be malleable in calls to `execTransaction`

#447 code423n4 closed 1 year ago
3
Gas Optimizations

#446 code423n4 opened 1 year ago
2
QA Report

#445 code423n4 closed 1 year ago
1
Gas Optimizations

#444 code423n4 closed 1 year ago
1
SmartAccount implementation can be destroyed by a bad actor

#443 code423n4 closed 1 year ago
3
Gas Optimizations

#442 code423n4 closed 1 year ago
1
`transferToken` deducts a fixed gas amount

#441 code423n4 closed 1 year ago
1
Gas Optimizations

#440 code423n4 closed 1 year ago
1
QA Report

#439 code423n4 closed 1 year ago
1
QA Report

#438 code423n4 opened 1 year ago
2
QA Report

#437 code423n4 closed 1 year ago
1
Gas Optimizations

#436 code423n4 opened 1 year ago
2
Gas Optimizations

#435 code423n4 opened 1 year ago
2
Gas Optimizations

#434 code423n4 opened 1 year ago
3
Attacker can bypass signature validation and send arbitrary transactions to be executed by smart wallet.

#433 code423n4 closed 1 year ago
4
`executeBatch()` , `handleOps()`, `handleAggregatedOps`, `innerHandleOp()` are susceptible to DOS with block gas limit

#432 code423n4 closed 1 year ago
1
Gas Optimizations

#431 code423n4 closed 1 year ago
1
Gas Optimizations

#430 code423n4 closed 1 year ago
1
QA Report

#429 code423n4 closed 1 year ago
1
Hardcoding gas costs should be avoided

#428 code423n4 opened 1 year ago
8
QA Report

#427 code423n4 closed 1 year ago
1
The Smart Account can be generated in duplicate, and the attacker uses it by frontrunning the wallet generation process.

#426 code423n4 closed 1 year ago
3
Gas Optimizations

#425 code423n4 closed 1 year ago
1
Transaction replay is possible due to the use of mapping of nonces

#424 code423n4 closed 1 year ago
4
QA Report

#423 code423n4 opened 1 year ago
2
QA Report

#422 code423n4 closed 1 year ago
3
Low-level call/delegatecall can fail silently

#421 code423n4 closed 1 year ago
2
Replay attack on UserOperation if the smart account is not deployed before

#420 code423n4 closed 1 year ago
8
checkSignatures will revert for all possible contract signatures

#419 code423n4 closed 1 year ago
2
QA Report

#418 code423n4 closed 1 year ago
2
QA Report

#417 code423n4 opened 1 year ago
4
QA Report

#416 code423n4 closed 1 year ago
1
Gas Optimizations

#415 code423n4 closed 1 year ago
1
`tokenGasPriceFactor` can be changed to either maximize gas refund or minimize it

#414 code423n4 closed 1 year ago
3
Checks in `isContract()` can be bypassed using CREATE2 which can break several functionalities

#413 code423n4 closed 1 year ago
3
Owner could brick all proxies by overwriting the implementation contract and making `updateImplementation` unusable

#412 code423n4 closed 1 year ago
3
`execFromEntryPoint` will always revert.

#411 code423n4 closed 1 year ago
10
No zero address check for withdrawAddress

#410 code423n4 closed 1 year ago
1
QA Report

#409 code423n4 opened 1 year ago
2
`validatePaymasterUserOp` allows for signature malleability

#408 code423n4 closed 1 year ago
3
A malicious user can make other's smart wallet invoke any external contract by deploying the smart wallet

#407 code423n4 closed 1 year ago
3
QA Report

#406 code423n4 closed 1 year ago
1
Transfer of ownership in single step

#405 code423n4 closed 1 year ago
2
Deploy wallet for another user with fake entityPoint or handler

#404 code423n4 closed 1 year ago
3
Gas Optimizations

#403 code423n4 closed 1 year ago
1
QA Report

#402 code423n4 opened 1 year ago
2
User pays more to unstake

#401 code423n4 closed 1 year ago
1
EIP1271 Not Implemented

#400 code423n4 closed 1 year ago
5
Gas Optimizations

#399 code423n4 closed 1 year ago
1

Previous Next