Summary

The signature validation process in Nexus.sol can fail under specific conditions, particularly for counterfactual ERC-4337 accounts, which impacts the usability for users of certain wallets.

Vulnerability Details

The function isValidSignatureWithSender uses SignatureCheckerLib to validate signatures. It assumes the contract implementing ERC-1271 is already deployed, which is problematic for ERC-4337 accounts that exist "counterfactually" (i.e., they have addresses but are not yet deployed).

https://github.com/Cyfrin/2024-07-biconomy/blob/9590f25cd63f7ad2c54feb618036984774f3879d/contracts/modules/validators/K1Validator.sol#L95-L108

Issue Explanation

• Counterfactual Account Issue: The function validates signatures for smartAccountOwners[msg.sender], assuming these contracts are deployed. For ERC-4337 accounts, which are counterfactual, the contracts are not deployed yet, causing signature validation to fail.

• No Handling for Counterfactual States: The function lacks a mechanism to handle the scenario where the contract is not deployed. It only checks for deployed contracts using the signature directly or the Ethereum-signed message hash.

Impact

This vulnerability impacts Biconomy's ability to validate signatures for counterfactual ERC-4337 accounts, limiting the functionality for users relying on account abstraction (AA) wallets. Consequently, operations in Nexus.sol that require signature validation are unavailable to some users, affecting the overall usability of the platform.

Tools Used

Manual review

Recommendations

To address this issue, it is recommended to implement EIP-6492. This EIP provides a universal method to verify signatures from both deployed and counterfactual contracts.