https://github.com/Cyfrin/2024-07-Mondrian-Wallet_v2/blob/main/src/MondrianWallet2.sol#L139
MondrianWallet expects ECDSA signatures, but zkSync accounts might use non-standard signing methods. Any such accounts won't work with MondrianWallet.
zkSync's account abstraction allows accounts to use custom logic for signing transactions, not just ECDSA signatures. This means accounts using non-standard signing methods won't work with MondrianWallet as it currently relies on ECDSA.
Manual review.
Follow the recommendations in the zkSync documentation:
Use zkSync Era's native account abstraction support for signature validation instead of this [ecrecover] function.
We recommend not relying on the fact that an account has an ECDSA private key, since the account may be governed by multisig and use another signature scheme.
The @openzeppelin/contracts/utils/cryptography/SignatureChecker.sol library provides a way to verify signatures for different account implementations. We strongly encourage you to use this library whenever you need to check that a signature of an account is correct.
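The following is an added sketch, not MondrianWallet2's own code. It puts an ECDSA-only owner check beside one that uses the SignatureChecker library recommended above. The contract name, function names and `digest` parameter are hypothetical, and OpenZeppelin Contracts v5 is assumed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumption: OpenZeppelin Contracts v5 is installed under this import path.
import {ECDSA} from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
import {SignatureChecker} from "@openzeppelin/contracts/utils/cryptography/SignatureChecker.sol";

/// Hypothetical helper contrasting the two ways of checking an owner's signature.
/// It is an illustration only and is not taken from MondrianWallet2.
contract OwnerSignatureCheck {
    /// The wallet owner: may be an EOA, a multisig, or another smart account.
    address public immutable owner;

    constructor(address owner_) {
        owner = owner_;
    }

    /// ECDSA-only check (the pattern the finding describes).
    /// It returns true only when `owner` is the address recovered from a
    /// secp256k1 signature over `digest`. A contract owner has no private key,
    /// so no signature can ever satisfy this check for such an owner.
    /// Note: ECDSA.recover reverts on a malformed signature.
    function isOwnerSignatureEcdsaOnly(bytes32 digest, bytes memory signature)
        public
        view
        returns (bool)
    {
        return ECDSA.recover(digest, signature) == owner;
    }

    /// Scheme-agnostic check using SignatureChecker.
    /// It accepts an ECDSA signature when `owner` is a key-controlled account,
    /// and otherwise defers to the owner's ERC-1271 `isValidSignature`
    /// implementation, so the owner decides what counts as a valid signature
    /// (multisig threshold, a different curve, and so on).
    /// It returns false instead of reverting when the signature is invalid.
    function isOwnerSignature(bytes32 digest, bytes memory signature)
        public
        view
        returns (bool)
    {
        return SignatureChecker.isValidSignatureNow(owner, digest, signature);
    }
}
```

With the second form, an owner that is itself a contract must implement ERC-1271 for its signatures to be accepted.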