Submission Details
Severity: high
Valid

A flaw in `MondrianWallet::_validateSignature` allows malicious users to bypass signature verification of transactions, potentially resulting in the loss of user funds.

Description:

The internal _validateSignature function is used in the external validateUserOp function. The _validateSignature function is intended to check the validity of the signature of a UserOperation.
However, the function contains a bug because it does not verify the returned address of the ECDSA.recover function, which returns an address that signed a hashed message. Instead, the _validateSignature function returns a SIG_VALIDATION_SUCCESS value for each signature verification action, regardless of whether the provided signature is valid or not.

Impact:

A vulnerability in the signature verification process within the _validateSignature function results in every signed user transaction (UserOperation), regardless of the validity of the signature, being mistakenly recognized as valid by the EntryPoint contract. Without proper signature verification, attackers can create transactions with forged signatures and present them as valid, allowing them to execute transactions on behalf of the user without authorization. This lack of verification could lead to a direct loss of assets, as unauthorized transactions may be executed, resulting in the deduction of assets from the user's account.

Tools Used

Manual review, vscode

Recommended Mitigation:

Consider making the following change to the `_validateSignature` function:

function _validateSignature(PackedUserOperation calldata userOp, bytes32 userOpHash)
internal
- pure
+ view
returns (uint256 validationData)
{
bytes32 hash = MessageHashUtils.toEthSignedMessageHash(userOpHash);
- ECDSA.recover(hash, userOp.signature);
+ if (address(owner()) != ECDSA.recover(hash, userOp.signature))
+ return SIG_VALIDATION_FAILED;
return SIG_VALIDATION_SUCCESS;
}
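
Review bot: On the added `if (address(owner()) != ECDSA.recover(hash, userOp.signature))` line, the direct call to OpenZeppelin's `ECDSA.recover` still reverts when the signature is malformed (wrong length, high `s`, or a recovery that yields the zero address), so only a well-formed signature from the wrong key reaches `return SIG_VALIDATION_FAILED;`. The finding tag on this submission asks for SIG_VALIDATION_FAILED rather than a revert, so consider `ECDSA.tryRecover` and returning SIG_VALIDATION_FAILED whenever the returned error is not `RecoverError.NoError` or the recovered address differs from `owner()`. Minor: put braces around the `if` body, and drop the `address(...)` cast if `owner()` already returns an address.
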
Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

ECDSA.recover should check against sender

`_validateSignature` SHOULD return SIG_VALIDATION_FAILED (and not revert) on signature mismatch.
