Open c4-bot-3 opened 6 months ago
Owners are typically controlled by the SCW creator.
raymondfam marked the issue as insufficient quality report
raymondfam marked the issue as primary issue
3docSec changed the severity to QA (Quality Assurance)
Interesting finding, an exploit of the deliberate design of excluding signature validation from certain calls. So user A upgrades their wallet on chain X to contract B that looks alright on chain X. Their transaction is then replayed, without A knowing, on chain Y to upgrade their wallet to contract B, which however on chain Y has a different implementation, and a malicious one.
The key point to consider for judging is that to own the same B address in chain Y, one must own the B address in chain X as well.
This reduces the root cause to either:
both cases falling in QA territory.
3docSec marked the issue as grade-a
Lines of code
https://github.com/code-423n4/2024-03-coinbase/blob/e0573369b865d47fed778de00a7b6df65ab1744e/src/SmartWallet/CoinbaseSmartWallet.sol#L180-L187 https://github.com/code-423n4/2024-03-coinbase/blob/e0573369b865d47fed778de00a7b6df65ab1744e/src/SmartWallet/CoinbaseSmartWallet.sol#L252-L262 https://github.com/code-423n4/2024-03-coinbase/blob/e0573369b865d47fed778de00a7b6df65ab1744e/src/SmartWallet/CoinbaseSmartWallet.sol#L257
Vulnerability details
executeWithoutChainIdValidation
is intended to allow specific functions to be executed on contract without validating the chain ID. It takes the function selector from the calldata and checks if it is allowed to skip chain ID validation using thecanSkipChainIdValidation
function. If allowed, it calls the function on the contract itself using_call
.executeWithoutChainIdValidation
This can only be called by the EntryPoint contract, as enforced by the
onlyEntryPoint
modifier. It extracts the function selector from the calldata and checks if it's allowed to skip chain ID validation usingcanSkipChainIdValidation
. If not allowed, it reverts. If allowed, it calls the function on itself using_call
.canSkipChainIdValidation
Note:
The issue lies in the inclusion of theupgradeToAndCall
function selector in thecanSkipChainIdValidation
check. This allows theupgradeToAndCall
function to be executed without validating the chain ID.The issue is an edge case responsible for enabling this vulnerability.
It is expected to allow only safe and non-critical functions to be executed without chain ID validation. These should not have any unintended consequences when replayed across different chains.
But because of the inclusion of
upgradeToAndCall
in the allowed functions, an attacker can potentially trick an owner into signing a transaction that upgrades the wallet implementation on one chain, and then replay that transaction on other chains to upgrade the wallet to a malicious implementation. This malicious implementation could allow the attacker to steal funds or control the wallet on those chains.Impact
If exploited, it could lead to the compromise of the smart wallet on multiple chains, allowing an attacker to steal funds or gain unauthorized control over the wallet.
Recommended Mitigation Steps
Consider removing upgradeToAndCall from the allowed list in
canSkipChainIdValidation
. It is too risky to allow this to be replayed across chains, as it could lead to wallet compromise.Assessed type
Access Control