Submission Details
Severity: high
Valid

Missing Validation Check in `executeTransactionFromOutside` Function

Summary

The `executeTransactionFromOutside` function in the MondrianWallet2 contract ignores the return value of `_validateTransaction`, which could lead to unauthorized transactions being executed.

Vulnerability Details

In `executeTransactionFromOutside`, the return value of `_validateTransaction` is not checked before the transaction is executed. `_validateTransaction` is responsible for validating the transaction signature and ensuring that the transaction is authorized. If validation fails, it should return a value other than `ACCOUNT_VALIDATION_SUCCESS_MAGIC`. Because `executeTransactionFromOutside` never checks for this condition, potentially unauthorized transactions can be executed.
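
The pattern described above, as an added illustration that is not the MondrianWallet2 source: a simplified wallet whose validator reports failure through its return value, with the unchecked and checked callers side by side. `ModelWallet`, `Tx`, `SUCCESS_MAGIC`, `NotAuthorized`, `CallFailed`, `executeUnchecked` and `executeChecked` are assumed names, and nonce and replay handling are omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;

// Simplified model for illustration; all names here are assumptions.
contract ModelWallet {
    struct Tx { address to; uint256 value; bytes data; bytes signature; }

    bytes4 constant SUCCESS_MAGIC = bytes4(keccak256("model.validation.success"));
    address public immutable owner;
    error NotAuthorized();
    error CallFailed();

    constructor(address _owner) { owner = _owner; }
    receive() external payable {}

    // Reports failure by return value, never by reverting, so a caller
    // that drops the result cannot tell a bad signature from a good one.
    function _validate(Tx memory t) internal view returns (bytes4) {
        if (t.signature.length != 65) return bytes4(0);
        bytes32 digest = keccak256(
            abi.encode(address(this), block.chainid, t.to, t.value, t.data));
        bytes memory sig = t.signature;
        bytes32 r; bytes32 s; uint8 v;
        assembly {
            r := mload(add(sig, 32))
            s := mload(add(sig, 64))
            v := byte(0, mload(add(sig, 96)))
        }
        address signer = ecrecover(digest, v, r, s);
        // ecrecover yields address(0) on malformed input; treat it as failure.
        return (signer != address(0) && signer == owner) ? SUCCESS_MAGIC : bytes4(0);
    }

    function _execute(Tx memory t) internal {
        (bool ok, ) = t.to.call{value: t.value}(t.data);
        if (!ok) revert CallFailed();
    }

    // Vulnerable shape: the magic value is discarded, so execution
    // proceeds whatever the signature bytes contain.
    function executeUnchecked(Tx memory t) external payable {
        _validate(t);
        _execute(t);
    }

    // Hardened shape: anything other than the success magic reverts.
    function executeChecked(Tx memory t) external payable {
        if (_validate(t) != SUCCESS_MAGIC) revert NotAuthorized();
        _execute(t);
    }
}
```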

Impact

An attacker could execute unauthorized transactions on behalf of the MondrianWallet2 contract.

Tools Used

Manual review, docs

Recommendations

The executeTransactionFromOutside function should be modified to check the return value from the _validateTransaction function and revert if the validation fails.

function executeTransactionFromOutside(Transaction memory _transaction) external payable {
- _validateTransaction(_transaction);
+ bytes4 magic = _validateTransaction(_transaction);
+ if (magic != ACCOUNT_VALIDATION_SUCCESS_MAGIC) {
+ revert MondrianWallet2__InvalidSignature();
+ }
_executeTransaction(_transaction);
}
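Review bot: in the added `if (magic != ACCOUNT_VALIDATION_SUCCESS_MAGIC)` branch, the revert uses `MondrianWallet2__InvalidSignature`, which is not declared in this hunk; confirm the error already exists in the contract or add its declaration as part of this change. The function remains `external payable` with no caller restriction, so this comparison is the only gate in front of `_executeTransaction`; a regression test asserting that a transaction with an invalid signature reverts and leaves the wallet balance unchanged should accompany the fix.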
Updates

Lead Judging Commences

bube Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Missing validation in executeTransactionFromOutside
