First Flight #19: Mondrian Wallet v2
First Flight #19
Beginner FriendlyFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: high
Valid

`MondrianWallet2::executeTransactionFromOutside` is missing magic validation

coffee

Summary

MondrianWallet2::executeTransactionFromOutside is missing magic validation from the _validateTrasaction function.

Vulnerability Details

The magic needs to be checked against the ACCOUNT_VALIDATION_SUCCESS_MAGIC. The magic value needs to be validated to confirm that the transactions meet all of the protocol criteria before execution, it is critical for ensuring the integrity and correctness of the transactions.

Impact

Without this validation, it is unknown if the transactions are correct or meet all of the necessary criteria before execution.

Tools Used

--Foundy

Recommendations

It is recommended to add a validation check to check the magic.

function executeTransactionFromOutside(Transaction memory _transaction) external payable {
- _validateTransaction(_transaction);
+ bytes4 magic = _validateTransaction(_transaction);
+ if (magic != ACCOUNT_VALIDATION_SUCCESS_MAGIC) {
+ revert ZkMinimalAccount__InvalidSignature();
+ }
_executeTransaction(_transaction);
}
Updates

Lead Judging Commences

bube Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Missing validation in executeTransactionFromOutside

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.