sherlock-audit / 2024-06-boost-aa-wallet-judging


Albort - Insufficient Validation of Implementations #401

Open sherlock-admin4 opened 2 months ago

sherlock-admin4 commented 2 months ago

Albort

Medium

Insufficient Validation of Implementations

Summary

Vulnerability Detail

The onlyACloneables modifier only checks if the implementation supports the ACloneable interface via supportsInterface.

A malicious contract can falsely claim support for ACloneable by returning true in supportsInterface, even if it doesn't correctly implement the interface.

Impact

Users might unknowingly deploy clones of malicious contracts, leading to potential loss of funds or other security breaches.

Code Snippet

https://github.com/sherlock-audit/2024-06-boost-aa-wallet/blob/main/boost-protocol/packages/evm/contracts/BoostRegistry.sol#L70

Tool used

Manual Review

Recommendation

Implement additional checks within onlyACloneables to verify that the contract truly implements the expected functions.
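
The interface-only check described in this report, next to one possible hardening, as an added example that is not part of the original report and is not the Boost Protocol code. Every name here (`ICloneableLike`, `SelfAttestingOnly`, `RegistrySketch`, `curator`) is hypothetical, and the hardening shown is a curator-managed code-hash allowlist, a different technique from the function checks the recommendation mentions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;

// Added illustration with hypothetical names; not code from the audited repository.
interface IERC165 {
    function supportsInterface(bytes4 interfaceId) external view returns (bool);
}

// Stand-in for the ACloneable interface, whose definition is not shown on the page.
interface ICloneableLike {
    function initialize(bytes calldata data) external;
}

// Answers "yes" to every ERC-165 query while implementing none of the functions.
contract SelfAttestingOnly is IERC165 {
    function supportsInterface(bytes4) external pure returns (bool) {
        return true;
    }
}

contract RegistrySketch {
    address public immutable curator;
    // Runtime bytecode hashes that have been reviewed and approved.
    mapping(bytes32 => bool) public approvedCodehash;

    error NotCurator();

    constructor() {
        curator = msg.sender;
    }

    function approve(bytes32 codehash, bool ok) external {
        if (msg.sender != curator) revert NotCurator();
        approvedCodehash[codehash] = ok;
    }

    // Interface-only check: the result is whatever the callee chooses to return,
    // so SelfAttestingOnly passes it.
    function passesInterfaceCheck(address impl) public view returns (bool) {
        return IERC165(impl).supportsInterface(type(ICloneableLike).interfaceId);
    }

    // Adds a condition the callee cannot influence: its deployed bytecode hash
    // must already be on the reviewed list. SelfAttestingOnly fails this
    // unless the curator has approved its code hash.
    function passesHardenedCheck(address impl) public view returns (bool) {
        return passesInterfaceCheck(impl) && approvedCodehash[impl.codehash];
    }
}
```

The code-hash check pins the runtime bytecode at that address only; an implementation that delegates to another contract would need that target reviewed as well.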