mihailo-maksa
commented
2 days ago Our detailed perspective:
- Please paste the code files directly here instead of providing download links for easier review and validation.
- The proposed fix should address cases where the signature is invalid, not just where there is a mismatch. Specifically, the
_validateSignaturefunction should be updated to check the error return value of theECDSA.tryRecoverfunction and revert accordingly if the signature is invalid. - To comply with the ERC-4337 standard, our implementation will ensure that the validation of the signature results in
SIG_VALIDATION_FAILEDwhen there is a mismatch, while any other error must cause a revert. - In conclusion, we acknowledge this as a minor issue and will implement the necessary changes to ensure full compliance with the ERC-4337 standard, enhancing the robustness of our contract's signature validation process.
Github username: -- Twitter username: @burnerelu Submission hash (on-chain): 0x0f336c0e954ad4133dff4950831ca5d667b42939442ee9ffca1dff0b77507a94 Severity: low
Description: Description\ ERC-4337 states the following: "(The account) .. MUST validate the signature is a valid signature of the userOpHash, and SHOULD return SIG_VALIDATION_FAILED (and not revert) on signature mismatch. Any other error MUST revert." (https://eips.ethereum.org/EIPS/eip-4337).
In the current AtomWallet implementation, the error return value of the
ECDSA.tryRecoverfunction is not checked. This way, regardless of the error signaled by the tryRecover function, the_validateSignatureimplementation will not revert.Attack Scenario\ Not applicable
Attachments
validateSigOriginal.sol - contains the function that does not respect the ERC-4337 standard
A third option would be to call
ECDSA.recoverinstead ofECDSA.tryRecover, as it is done in example https://github.com/eth-infinitism/account-abstraction/blob/develop/contracts/samples/SimpleAccount.solFiles: