Biconomy: Nexus
Biconomy
HardhatFoundry
30,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Nexus.sol::initializeAccount() will revert

456456

Summary

Nexus.sol::initializeAccount() reverts because of faulty logic

Vulnerability Details

In constructor, Nexus.sol calls internal method _initModuleManager() which initializes the contract's `validators` and `executors` SentinelLists, and when you invoke initializeAccount(), it also calls _initModuleManager() which will revert because the SentinelLists are already initialized.

constructor(address anEntryPoint) {
_SELF = address(this);
require(address(anEntryPoint) != address(0), EntryPointCanNotBeZero());
_ENTRYPOINT = anEntryPoint;
_initModuleManager();
}
function initializeAccount(bytes calldata initData) external payable virtual {
_initModuleManager();
(address bootstrap, bytes memory bootstrapCall) = abi.decode(initData, (address, bytes));
(bool success, ) = bootstrap.delegatecall(bootstrapCall);
require(success, NexusInitializationFailed());
}
function _initModuleManager() internal virtual {
// account module storage
AccountStorage storage ams = _getAccountStorage();
ams.executors.init();
ams.validators.init();
}
function init(SentinelList storage self) internal {
if (alreadyInitialized(self)) revert LinkedList_AlreadyInitialized();
self.entries[SENTINEL] = SENTINEL;
}

Impact

Some protocol logic might unexpectedly revert

Tools Used

Manual review

Recommendations

Updates

Lead Judging Commences

0xnevi Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
Assigned finding tags:

finding-initializeAccount-revert

Invalid, if a `Nexus.sol` contract is already deployed, it does not need to be initialized again within the factory as seen [here](https://github.com/Cyfrin/2024-07-biconomy/blob/9590f25cd63f7ad2c54feb618036984774f3879d/contracts/factory/NexusAccountFactory.sol#L58-L60), so no issue here

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.