The internal _validateSignature function is used in the external validateUserOp function. The _validateSignature function is intended to check the validity of the signature of a UserOperation.
However, the function contains a bug: it does not check the address returned by ECDSA.recover, which is the address that signed the hashed message. Instead, _validateSignature returns SIG_VALIDATION_SUCCESS for every signature verification, regardless of whether the provided signature is valid.
Because of this flaw in _validateSignature, every signed user transaction (UserOperation) is recognized as valid by the EntryPoint contract, regardless of the validity of its signature. Without proper signature verification, attackers can create transactions with forged signatures and present them as valid, allowing them to execute transactions on behalf of the user without authorization. This could lead to a direct loss of assets, as unauthorized transactions may be executed and assets deducted from the user's account.
Manual review, vscode
Consider making the following change to the _validateSignature function: