Summary

The _validateSignature function is intended to validate the signature of a user operation (userOp) against a hash (userOpHash) to ensure that the operation is authorized by the correct signer. However, the function as implemented has a critical vulnerability: it always returns SIG_VALIDATION_SUCCESS regardless of whether the signature is valid or not.

Vulnerability Details

The vulnerability arises from the fact that the actual signature verification step using ECDSA.recover(hash, userOp.signature) is not checked against any known public key or address. The result of the recover function is not stored, compared, or validated in any way. Instead, the function immediately returns SIG_VALIDATION_SUCCESS after the recover call. This means that any user operation, regardless of the signature provided, will pass this validation check, effectively bypassing the signature authentication mechanism.

Impact

An attacker could exploit this vulnerability to execute unauthorized operations as if they were the legitimate owner of the contract.

Tools Used

Manual Review, Audit Wizard

Recommendations

To fix this vulnerability, the _validateSignature function should compare the address recovered from the signature with the known, legitimate signer's address (which could be the contract owner or another authorized address). If the recovered address does not match the expected address, the function should return SIG_VALIDATION_FAILED instead of SIG_VALIDATION_SUCCESS.