The _validateSignature
function is used by the EntryPoint to determine if the signature sent by a user is valid. However, this function retrieves the signer but does not verify if this signer is the wallet owner. As a result, anyone could bypass the signature validation and send any operation to any wallet.
Likelyhood: High
Anyone can send any operation to the wallet.
Impact: High
Theft of funds
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.