Submission Details
Severity: low
Invalid

Unprotected external function `MondrianWallet2::prepareForPaymaster`

Summary

The MondrianWallet2 contract, an implementation of the IAccount interface for zkSync Era, contains an unimplemented prepareForPaymaster function. While this function is required by the interface, its current empty implementation could potentially lead to confusion or misuse.

Vulnerability Details

An external actor could call this function without any effect:

wallet.prepareForPaymaster(bytes32(0), bytes32(0), emptyTransaction);

This call would succeed but perform no action, potentially confusing the caller or wasting gas.

Impact

The empty implementation of prepareForPaymaster presents minimal direct security risks but could lead to confusion for developers or auditors unfamiliar with the zkSync Era system. Even though the function does nothing, calling it still costs gas, leading to unnecessary gas consumption.

The overall impact is limited because the function is a required part of the IAccount interface and is intended for specific system interactions.

Tools Used

Recommendations

Implement basic Access Control. Even though the severity is low, it's still good practice to add these:

function prepareForPaymaster(
bytes32 _txHash,
bytes32 _possibleSignedHash,
Transaction calldata _transaction
- ) external payable override {}
+ ) external payable override requireFromBootLoader {}
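
Review bot: The body on the `+` line is still `{}`, so adding `requireFromBootLoader` only narrows who can trigger a no-op and does not address the "unimplemented" concern raised in the Summary. Add a NatSpec comment above `prepareForPaymaster` stating that the function is intentionally empty and why, and confirm that `requireFromBootLoader` is declared in the contract, since its definition is not visible in this hunk. The function also remains `payable` with an empty body; if no value is ever expected through this entry point, say so in the same comment.
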
Updates

Lead Judging Commences

bube Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
