search

code-423n4 / 2024-03-coinbase-findings

1 stars 0 forks source link

Malicious State Alteration Impacting Bundler Rewards #163

Closed c4-bot-4 closed 3 months ago

c4-bot-4 commented 3 months ago

Lines of code

https://github.com/code-423n4/2024-03-coinbase/blob/27873bc8881bc79ea21d1868cb13b58ab58ffdbd/src/SmartWallet/CoinbaseSmartWallet.sol#L1-L336

Vulnerability details

Impact

A user can manipulates the state of their CoinbaseSmartWallet between a bundler's validation and transaction submission, causing the transaction to fail and the bundler to miss out on fees.

Proof of Concept

Here's how such a scenario could unfold:

User Prepares Operation: Alice, a user of the CoinbaseSmartWallet, requests a UserOperation to be processed by a bundler. She provides all necessary information, including the current nonce and the set of wallet owners.

Bundler Validates: The bundler receives Alice's UserOperation and validates it. The bundler checks that the nonce is correct and that Alice's wallet has enough funds to cover the gas fees for the transaction.

Intentional State Change: After receiving confirmation of validation from the bundler but before the bundler submits the transaction, Alice intentionally calls the executeBatch function on her CoinbaseSmartWallet. She includes a transaction that updates the nonce and changes the ownership structure of the wallet. Alternatively, she could call _authorizeUpgrade to upgrade the contract to a new implementation, significantly altering the wallet's state.

Bundler Submits: The bundler, unaware of the recent changes, submits Alice's UserOperation to the network, expecting it to succeed as it had passed validation.

Transaction Fails: The network processes the bundler's submission, but the transaction fails because the state of Alice's wallet no longer matches the state expected by the UserOperation. The nonce is incorrect, the ownership may have changed, or the contract code is different due to the upgrade. As a result, the bundler does not receive the reward they anticipated for including the transaction.

Transaction failure problem.

Tools Used

Manual review

Recommended Mitigation Steps

Locking Mechanism: Implement a mechanism to lock the state during the critical period between a bundler's validation and the submission of the UserOperation.

Penalties: Implement penalties for users who frequently cause transactions to fail after validation.

Assessed type

Error

c4-pre-sort commented 3 months ago

raymondfam marked the issue as insufficient quality report

c4-pre-sort commented 3 months ago

raymondfam marked the issue as duplicate of #111

raymondfam commented 3 months ago

Inadequate elaboration compared to #111.

c4-judge commented 3 months ago

3docSec marked the issue as not a duplicate

3docSec commented 3 months ago

User frontrunning their own UserOperation seems like a systemic risk of ERC-4337 bundlers; the mitigation suggested does not seem feasible.

c4-judge commented 3 months ago

3docSec marked the issue as unsatisfactory: Insufficient proof