MondrianWallet::_validateSignature
Does Not Check The Signer Address

Description: The _validateSignature internal function is responsible for validating the signature of every UserOperation, but it never compares the address recovered by ECDSA.recover against the wallet owner. Because the recovered address is simply discarded, any UserOperation that carries a recoverable signature passes this validation.

Impact: There is no check whether the owner signed the operation. Any signature that ECDSA.recover can turn into an address (i.e. one produced by any key, not just the owner's) is accepted as valid, so anyone can submit UserOperations on behalf of the wallet.
Proof of Concept:
Recommended Mitigation: Recover the signer from the signature and compare it with the wallet owner, returning SIG_VALIDATION_FAILED on a mismatch. Here is an example implementation from the smartcontracts.tips guide to account abstraction; you can implement something similar to this: