The _validateSignature function within the MondrianWallet smart contract is critically flawed because it does not validate signatures properly. This function is intended to ensure that user operations are executed only by entities with authorized access. However, it is currently hardcoded to always return SIG_VALIDATION_SUCCESS, which bypasses signature verification. This allows any user, regardless of their authenticity, to submit operations, posing a severe security risk.
The function uses the ECDSA.recover method from the OpenZeppelin library to recover an address from a given signature and a hashed message (userOpHash). Although the function successfully recovers an address from the signature, it does not perform any subsequent check to verify whether the recovered address is authorized to perform the requested operation. Here is the critical part of the code:
Because the return value is hardcoded, an attacker does not need to forge a valid signature: a user operation carrying arbitrary signature bytes passes validation and can execute unauthorized transactions or state changes. The implications are particularly dire, including unauthorized fund transfers, administrative changes, or other malicious activity that could severely compromise the integrity and security of the contract and its stakeholders.
Manual Review
Implement Signature Verification: Revise the _validateSignature function to include a verification step that checks whether the recovered address is among the set of addresses authorized to initiate operations:
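The following contract is an added illustration of the recommended fix, not MondrianWallet's own code. It places the flawed pattern the finding describes (signer recovered, result discarded, success returned unconditionally) next to a hardened _validateSignature that compares the recovered signer with an authorized owner. The UserOperation struct is a reduced stand-in for the ERC-4337 struct, the single immutable owner is an assumed authorization model, the constant values follow the account-abstraction Helpers.sol convention (0 = success, 1 = failure), and the OpenZeppelin v5 import paths and the use of the Ethereum signed-message prefix are assumptions about the wallet's signing scheme.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not MondrianWallet's code. Assumes OpenZeppelin v5 import paths.
import {ECDSA} from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
import {MessageHashUtils} from "@openzeppelin/contracts/utils/cryptography/MessageHashUtils.sol";

// ERC-4337 validation return codes (values as in account-abstraction Helpers.sol).
uint256 constant SIG_VALIDATION_SUCCESS = 0;
uint256 constant SIG_VALIDATION_FAILED = 1;

// Reduced stand-in for the ERC-4337 user operation (assumed shape; the real
// struct also carries gas fields, initCode, paymaster data, etc.).
struct UserOperation {
    address sender;
    uint256 nonce;
    bytes callData;
    bytes signature;
}

contract SignatureCheckExample {
    using MessageHashUtils for bytes32;

    // Assumed authorization model: one owner may sign user operations.
    address public immutable owner;

    constructor(address _owner) {
        require(_owner != address(0), "owner cannot be zero");
        owner = _owner;
    }

    // The flawed pattern described in the finding: a signer is recovered but
    // never compared with anything, and the function always reports success.
    function _validateSignatureVulnerable(UserOperation calldata userOp, bytes32 userOpHash)
        internal
        pure
        returns (uint256)
    {
        ECDSA.recover(userOpHash.toEthSignedMessageHash(), userOp.signature); // result discarded
        return SIG_VALIDATION_SUCCESS;
    }

    // Hardened version: the recovered address must equal the authorized owner.
    // tryRecover is used so a malformed signature yields SIG_VALIDATION_FAILED
    // instead of reverting inside the EntryPoint's validation loop, and a
    // zero-address recovery can never match because owner is non-zero.
    function _validateSignature(UserOperation calldata userOp, bytes32 userOpHash)
        internal
        view
        returns (uint256)
    {
        bytes32 digest = userOpHash.toEthSignedMessageHash();
        (address recovered, ECDSA.RecoverError err, ) = ECDSA.tryRecover(digest, userOp.signature);
        if (err != ECDSA.RecoverError.NoError || recovered != owner) {
            return SIG_VALIDATION_FAILED;
        }
        return SIG_VALIDATION_SUCCESS;
    }

    // Public wrapper so the check can be exercised from a test or script.
    function validate(UserOperation calldata userOp, bytes32 userOpHash)
        external
        view
        returns (uint256)
    {
        return _validateSignature(userOp, userOpHash);
    }
}
```

In a Foundry test, sign `MessageHashUtils.toEthSignedMessageHash(userOpHash)` with the owner's key via `vm.sign`, and assert that `validate` returns 0 for that signature and 1 for a signature from any other key or for random bytes; the vulnerable variant returns 0 in every case, which is exactly the behaviour this finding reports.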