The `MondrianWallet::_validateSignature` is not EIP-4337 compliant, which can lead to EntryPoint incompatibilities
Summary
According to MondrianWallet's documentation (taken from the wallet docs),
We do not use the Paymaster or Aggregator in our Mondrian Wallet.
The protocol does not currently support aggregation, and as per the EIP-4337 documentation,
If the account does not support signature aggregation, it MUST validate the signature is a valid signature of the userOpHash, and SHOULD return SIG_VALIDATION_FAILED (and not revert) on signature mismatch. Any other error should revert.
Currently, the wallet uses the base logic of the ECDSA.recover() function to validate the signature, which reverts in case of a signature mismatch. This can lead to EntryPoint incompatibilities, as any EIP-4337 compatible EntryPoint would expect a return value in case of a signature mismatch.
Impact
The current implementation of the MondrianWallet::_validateSignature function can lead to EntryPoint incompatibilities with EIP-4337 compatible contracts.
Proof of Concept
If we check the implementation of the actual AA signature validation in the SimpleAccount sample, we can see that if there is a signature mismatch, the function returns SIG_VALIDATION_FAILED instead of reverting. This is the expected behavior for EIP-4337 compatible contracts.
Tools Used
Manual review
Recommended mitigation
Change the MondrianWallet::_validateSignature function to return SIG_VALIDATION_FAILED in case of a signature mismatch.
Lead Judging Commences
ECDSA.recover should check against sender
`_validateSignature` SHOULD return SIG_VALIDATION_FAILED (and not revert) on signature mismatch.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.