Beginner Friendly | Foundry
100 EXP
Submission Details
Severity: medium
Invalid

[M-01] Unhandled Transaction Failures in `_payPrefund` Function

Summary

The `_payPrefund` function in the MondrianWallet smart contract is responsible for pre-funding the EntryPoint contract with the Ether needed to cover the cost of user operations initiated by the wallet. However, this function does not check whether the Ether transfer succeeded, so the wallet may proceed as if it had sent the funds when the transfer actually failed. This oversight could cause discrepancies in the contract's state and fund accounting, and could affect the reliability of subsequent transactions.

Vulnerability Details

The function sends Ether with a low-level call but never inspects the boolean `success` it returns, so it cannot tell whether the transfer went through:

    function _payPrefund(uint256 missingAccountFunds) internal virtual {
        if (missingAccountFunds != 0) {
            (bool success,) = payable(msg.sender).call{value: missingAccountFunds, gas: type(uint256).max}("");
            // The result 'success' is ignored, leading to unhandled failure cases
        }
    }

Because the result of this call is ignored, the wallet never reacts to a failed transfer, which could occur due to gas limit issues, execution errors in the EntryPoint, or other EVM-level exceptions.

Impact

If the transfer fails and the function neither reverts nor handles the failure, subsequent user operations that depend on these funds might fail. This degrades the user experience and trust in the wallet's reliability, and in worse scenarios could lead to financial losses if operations are assumed to have been funded and executed when they have not.

Tools Used

  • Manual Review

Recommendations

  1. Check Transaction Outcomes: Modify the `_payPrefund` function to check the `success` variable and revert the transaction on failure:

    function _payPrefund(uint256 missingAccountFunds) internal virtual {
        if (missingAccountFunds != 0) {
            (bool success,) = payable(msg.sender).call{value: missingAccountFunds, gas: type(uint256).max}("");
            require(success, "Fund transfer to EntryPoint failed");
        }
    }
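The following Foundry test is an added example, not code from the MondrianWallet repository or from this submission. It places the unchecked pattern quoted in the Vulnerability Details next to the checked pattern from the Recommendations, in a hypothetical `PrefundDemo` contract, and sends each one's prefund to a hypothetical `RejectingReceiver` that refuses Ether, so the behavioral difference is observable: the unchecked variant completes with no Ether moved, the checked variant reverts. One caveat a reviewer should weigh against the finding itself: the ERC-4337 reference account deliberately discards this return value, because the EntryPoint verifies that it actually received the prefund and rejects the user operation otherwise, which is what the judge's "Incorrect statement" verdict below refers to. Contract and function names in this example are invented for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

/// Hypothetical stand-in for a recipient that rejects plain Ether transfers.
/// Constructed for this example only; it is not an EntryPoint.
contract RejectingReceiver {
    receive() external payable {
        revert("no ETH accepted");
    }
}

/// Hypothetical minimal account exposing both prefund variants side by side.
/// Not the MondrianWallet code; the bodies mirror the shape quoted in the finding.
contract PrefundDemo {
    /// Unchecked variant: the call result is discarded, as in the quoted code.
    function payPrefundUnchecked(address payable to, uint256 amount) external {
        if (amount != 0) {
            (bool success,) = to.call{value: amount, gas: type(uint256).max}("");
            (success); // silences the unused-variable warning; failure is ignored
        }
    }

    /// Checked variant: the recommended change, reverting when the transfer fails.
    function payPrefundChecked(address payable to, uint256 amount) external {
        if (amount != 0) {
            (bool success,) = to.call{value: amount, gas: type(uint256).max}("");
            require(success, "Fund transfer to EntryPoint failed");
        }
    }
}

contract PrefundDemoTest is Test {
    PrefundDemo internal demo;
    RejectingReceiver internal sink;

    function setUp() public {
        demo = new PrefundDemo();
        sink = new RejectingReceiver();
        // Give the account a balance to prefund from (constructed test state).
        vm.deal(address(demo), 1 ether);
    }

    /// The unchecked variant returns normally even though no Ether moved.
    function testUncheckedSilentlyContinues() public {
        demo.payPrefundUnchecked(payable(address(sink)), 0.1 ether);
        assertEq(address(sink).balance, 0);
        assertEq(address(demo).balance, 1 ether);
    }

    /// The checked variant surfaces the failed transfer as a revert.
    function testCheckedReverts() public {
        vm.expectRevert(bytes("Fund transfer to EntryPoint failed"));
        demo.payPrefundChecked(payable(address(sink)), 0.1 ether);
    }
}
```

Run with `forge test --match-contract PrefundDemoTest -vv` in a Foundry project that has `forge-std` installed. Note that a real EntryPoint accepts Ether in its `receive` function and credits it as a deposit, so the rejecting receiver here only models the generic failure mode, not the EntryPoint's actual behavior.
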
Updates

Lead Judging Commences

inallhonesty (Lead Judge), over 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
