Open hats-bug-reporter[bot] opened 3 days ago
Our detailed perspective:
_validateSignature
function should be updated to check the error return value of the ECDSA.tryRecover
function and revert accordingly if the signature is invalid.SIG_VALIDATION_FAILED
when there is a mismatch, while any other error must cause a revert.
Github username: -- Twitter username: @burnerelu Submission hash (on-chain): 0x0f336c0e954ad4133dff4950831ca5d667b42939442ee9ffca1dff0b77507a94 Severity: low
Description: Description\ ERC-4337 states the following: "(The account) .. MUST validate the signature is a valid signature of the userOpHash, and SHOULD return SIG_VALIDATION_FAILED (and not revert) on signature mismatch. Any other error MUST revert." (https://eips.ethereum.org/EIPS/eip-4337).
In the current AtomWallet implementation, the error return value of the
ECDSA.tryRecover
function is not checked. This way, regardless of the error signaled by the tryRecover function, the_validateSignature
implementation will not revert.Attack Scenario\ Not applicable
Attachments
validateSigOriginal.sol - contains the function that does not respect the ERC-4337 standard
A third option would be to call
ECDSA.recover
instead ofECDSA.tryRecover
, as it is done in example https://github.com/eth-infinitism/account-abstraction/blob/develop/contracts/samples/SimpleAccount.solFiles: