First Flight #15: Mondrian Wallet

First Flight #15

Beginner FriendlyFoundry

100 EXP

View results

Previous Next

Submission Details

Severity: high

Invalid

Potential Scalability and Usability Issues

Mill

Summary

The MondrianWallet contract, as designed, does not inherently support the creation of multiple instances for different users. This design limits its scalability and usability, especially in scenarios where multiple users need to interact with the contract independently. The contract is designed to be deployed once and used by a single deployer (0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045), which restricts its applicability for a broader audience.

Vulnerability Details

Single Instance Deployment: The MondrianWallet contract is designed to be deployed once and does not include a mechanism for creating multiple instances for different users. This design choice limits the contract's ability to serve multiple users simultaneously, which is a critical limitation for a wallet intended for widespread use.
Lack of Factory Functionality: The contract lacks a factory pattern implementation that would allow users to create their own instances of the wallet. This omission prevents users from having their own unique wallets, which is essential for managing personal assets securely and privately.

Impact

Limited Scalability: The inability to create multiple instances of the MondrianWallet contract limits its scalability. As the number of users grows, the demand for individualized wallet instances increases, necessitating a scalable solution.
Reduced Usability: Users who require their own wallet instance for privacy, security, or organizational purposes are hindered by this design. The lack of a factory pattern means users cannot easily create their own instances tailored to their needs.
Potential Security Risks: Deploying a single instance of the contract for multiple users could lead to security risks, such as unauthorized access or manipulation of funds, as all users share the same contract instance.

Tools Used

Hardhat

Recommendations

Implement a Factory Pattern: Introduce a factory contract that allows users to create their own instances of the MondrianWallet. This approach enables each user to have a unique wallet instance, enhancing both scalability and privacy.

An example can be found in the account-abstraction Github Repo:
https://github.com/eth-infinitism/account-abstraction/blob/develop/contracts/samples/SimpleAccountFactory.sol

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago

Submission Judgement Published

Invalidated

Reason: Out of scope

Rewards breakdown

nSLOC

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.