Biconomy: Nexus

Biconomy

HardhatFoundry

30,000 USDC

Submission Details

Severity: high

Invalid

The `K1Validator` omits the Nexus account address in the signature verification within the `isValidSignatureWithSender` function when it got called in `_enableMode` function , enabling replay attacks across multiple accounts owned by the same user.

Updates

0xnevi Lead Judge

6 months ago

0xnevi Lead Judge 6 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Total prize

30,000 USDC

nSLOC

1,433

21 USDC / LOC

High Medium

25,000 USDC

Low

2,750 USDC

Judges

2,250 USDC

The contest is live. Earn rewards by submitting a finding.

Submissions are being reviewed by the community.

Submissions are being carefully reviewed by our judges.

This is your time to appeal against judgements on your submissions.

Appeals are being carefully reviewed by our judges.

The contest is complete and the rewards are being distributed.

Support

Can’t find an answer? Join our Discord or follow us on Twitter.