Submission Details
Severity:
Outside transactions are not validated
Summary
Vulnerability Details
Function: executeTransactionFromOutside
The executeTransactionFromOutside function calls _validateTransaction but does not check the returned value. This can lead to potential security vulnerabilities where invalid transactions might be executed.
function executeTransactionFromOutside(Transaction memory _transaction) external payable {
_validateTransaction(_transaction);
_executeTransaction(_transaction);
}
Impact
An attacker can execute any transaction on the wallet.
Tools Used
Manual review
Recommendations
The returned value of _validateTransaction should be checked, and the transaction should be reverted if it is not ACCOUNT_VALIDATION_SUCCESS_MAGIC.
function executeTransactionFromOutside(Transaction memory _transaction) external payable {
bytes4 magic = _validateTransaction(_transaction);
require(magic == ACCOUNT_VALIDATION_SUCCESS_MAGIC, "Transaction validation failed");
_executeTransaction(_transaction);
}
Rewards breakdown
nSLOC
105This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.