hats-finance / Intuition-0x538dbadc50cc87b281cd655f1edbc6ebda02a66a

The smart contracts of the Intuition protocol v1.
https://intuition.systems

Contracts should use account-abstraction v0.7.0 instead of v0.6.0 #21

Open hats-bug-reporter[bot] opened 1 week ago

hats-bug-reporter[bot] commented 1 week ago

Github username: --

Twitter username: --

Submission hash (on-chain): 0x8c960254d0aa57a27cd2e07be8072e322aa126b7c4006adf4562189ce45bb521

Severity: low

Description:

Both AtomWallet.sol and EthMultiVault.sol have been using account-abstraction contracts like baseAccount.sol and entryPoint.sol. The current version identified from package-lock.json for account-abstraction is 0.6.0.

    "node_modules/@account-abstraction/contracts": {
      "version": "0.6.0",

0.6.0 is a year-old version which was released in April 2023, and there is a new version released by eth-infinitism: 0.7.0, released in Feb 2024.

0.7.0 should be used for the following reasons:

1) Most of the bugs of 0.6.0 are fixed.
2) Deprecated functions removed.
3) EntryPoint has better OOG revert handling in userOp execution.
4) Added validations across a few functions.
5) Added ERC-165 "supportsInterface" to the EntryPoint.
6) Added a 10% penalty charge for unused execution gas limit.
7) Lots of gas optimizations.

Full 0.7.0 changes can be checked at https://github.com/eth-infinitism/account-abstraction/releases/tag/v0.7.0

Recommendations:

Use @account-abstraction/contracts version 0.7.0.

mihailo-maksa commented 6 days ago

The reported issue regarding the use of version 0.6.0 instead of the newer 0.7.0 for account-abstraction contracts has been reviewed. Here is our detailed perspective:

Enhancement Suggestion: Upgrading to the latest version (0.7.0) of the account-abstraction contracts is generally a good practice as it includes bug fixes, deprecations, optimizations, and new features. This enhancement would ensure that the latest improvements and security patches are incorporated into the protocol.

Impact Assessment: While using an older version (0.6.0) does not introduce any immediate security vulnerabilities, upgrading to the latest version would enhance the protocol's overall robustness and efficiency. The improvements in version 0.7.0, such as better OOG revert handling, additional validations, gas optimizations, and support for ERC-165, provide significant benefits.

Severity Assessment: Since this issue does not lead to security vulnerabilities or financial risks, it is classified as a low severity enhancement. The primary benefit of this enhancement is improved performance, security, and compliance with the latest standards.

Conclusion: While the recommendation to upgrade to version 0.7.0 is a useful enhancement, it does not qualify as a security vulnerability. Therefore, we consider this issue to be an enhancement rather than a bug.

Status: This issue is an enhancement.

Comment for the Reporter: Thank you for the enhancement suggestion. We agree that upgrading to the latest version of the account-abstraction contracts would bring several benefits, including improved performance and security. However, since this does not pose a direct security vulnerability, we classify it as an enhancement. We can still consider a lower payout for this valid suggestion.

0xRizwan commented 14 hours ago

@mihailo-maksa This should be labelled as a minor issue since enhancements were tagged earlier.