MondrianWallet::validateUserOp does not comply with EIP-4337 specs for validateUserOp.
Quoting EIP-4337:
If the account does not support signature aggregation, it MUST validate the signature is a valid signature of the userOpHash, and SHOULD return SIG_VALIDATION_FAILED (and not revert) on signature mismatch. Any other error MUST revert.
The implementation in-hand does not support signature aggregation, therefore it SHOULD return SIG_VALIDATION_FAILED. Instead, it reverts on every signature mismatch.
SIG_VALIDATION_FAILED is declared but not used, which indicates the intent to use it (reference).
Quoting EIP-4337 again:
The return value MUST be packed of authorizer, validUntil and validAfter timestamps.
The implementation in-hand only returns authorizer, e.g. SIG_VALIDATION_SUCCESS, which corresponds to 0 (reference).
Non-compliance with EIP-4337.
Manual review.
Refactor the code that is not compliant with the EIP.
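One way to do this refactor, as an added example that is not MondrianWallet's code: the signature check returns SIG_VALIDATION_FAILED instead of reverting on a mismatch, and the result is packed as authorizer, validUntil and validAfter. The contract name, _signer(), _pack(), the single-ECDSA-owner model and the EIP-191 digest are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;

// Added example; contract and helper names are hypothetical.
abstract contract CompliantSignatureCheck {
    uint256 internal constant SIG_VALIDATION_SUCCESS = 0;
    uint256 internal constant SIG_VALIDATION_FAILED = 1;
    // Half of the secp256k1 group order: larger s values are malleable duplicates.
    uint256 private constant HALF_N =
        0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0;

    // Assumption: the account is controlled by one ECDSA key.
    function _signer() internal view virtual returns (address);

    // validationData layout: authorizer in the low 160 bits (0 = valid,
    // 1 = signature failed), validUntil in the next 48, validAfter in the top 48.
    // validUntil == 0 means "no expiry".
    function _pack(bool sigFailed, uint48 validUntil, uint48 validAfter)
        internal pure returns (uint256)
    {
        return (sigFailed ? SIG_VALIDATION_FAILED : SIG_VALIDATION_SUCCESS)
            | (uint256(validUntil) << 160)
            | (uint256(validAfter) << 208);
    }

    // Never reverts on a bad signature: every mismatch path returns
    // SIG_VALIDATION_FAILED so the caller can tell it apart from other errors.
    function _validateSignature(bytes32 userOpHash, bytes calldata signature)
        internal view returns (uint256 validationData)
    {
        // Assumed signing scheme: EIP-191 personal-sign digest of userOpHash.
        bytes32 digest = keccak256(
            abi.encodePacked("\x19Ethereum Signed Message:\n32", userOpHash)
        );
        if (signature.length != 65) return _pack(true, 0, 0);
        bytes32 r = bytes32(signature[0:32]);
        bytes32 s = bytes32(signature[32:64]);
        uint8 v = uint8(signature[64]);
        if (uint256(s) > HALF_N) return _pack(true, 0, 0);
        // ecrecover yields address(0) for an invalid (v, r, s) triple.
        address recovered = ecrecover(digest, v, r, s);
        bool ok = recovered != address(0) && recovered == _signer();
        return _pack(!ok, 0, 0);
    }
}
```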