Biconomy: Nexus
Biconomy
HardhatFoundry
30,000 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

Should return `VALIDATION_FAILED` when fails to install validator module in Module Enable Mode flow

h2134

Summary

Should return VALIDATION_FAILED when install validator module in Module Enable Mode flow.

Vulnerability Details

when validateUserOp() is called by EntryPoint, if Module Enable Mode is not used, protocol will first check if the validator is enabled, and return VALIDATION_FAILED if not.

if (!op.nonce.isModuleEnableMode()) {
// Check if validator is not enabled. If not, return VALIDATION_FAILED.
@> if (!_isValidatorInstalled(validator)) return VALIDATION_FAILED;
validationData = IValidator(validator).validateUserOp(op, userOpHash);
} else {

If Module Enable Mode is used, then protocol will try to install the validator, but transaction will revert (in onInstall()) if it fails to do so. Apparently there is inconsistency in between, because this also means the validator is not enabled and protocol should return VALIDATION_FAILED instead.

Impact

VALIDATION_FAILED is not returned to EntryPoint when it should be.

Tools Used

Manual Review

Recommendations

If protocol fails to install validator in Module Enable Mode flow, do not revert but return VALIDATION_FAILED.

Updates

Lead Judging Commences

0xnevi Lead Judge
11 months ago
0xnevi Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Appeal created

h2134 Submitter
11 months ago
0xnevi Lead Judge
11 months ago
0xnevi Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.