The K1Validator contract has its own custom validation function, validateUserOp(). Under the ERC-4337 standard it should return a validation result that carries a restricted time range: 6 bytes for the validUntil timestamp and 6 bytes for the validAfter timestamp.
In the K1Validator module, validation is done with the following lines:
If the operation validates, it returns the constant VALIDATION_SUCCESS value.
VALIDATION_SUCCESS value is defined as
So both validUntil and validAfter will be 0 (the EntryPoint implementation treats a validUntil of 0 as the maximum uint48 timestamp), and the time range is unrestricted.
A signed UserOperation hash therefore stays valid at any time.
This can cause front-running issues.
Manual review
Restricting this range to a specific time window would be safer.
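The encoding the finding relies on, shown as an added example that is not part of the finding, of K1Validator, or of the EntryPoint code: a Python model of how ERC-4337 packs the validationData word returned by validateUserOp() (aggregator in the low 160 bits, validUntil in the next 48, validAfter in the top 48, per the reference Helpers.sol) and how the EntryPoint parses it and applies the time check. The function names and all timestamps below are constructed for illustration; the point it demonstrates is that a bare VALIDATION_SUCCESS (0) parses to validAfter = 0 and validUntil = 2^48 - 1, while a packed value with explicit bounds is rejected outside its window.

```python
# Added example, not code from K1Validator or the eth-infinitism EntryPoint.
# Models the ERC-4337 validationData layout:
#   validationData = aggregator | (validUntil << 160) | (validAfter << 208)
# and the EntryPoint's parse + time-range check, so the effect of returning
# a plain 0 (VALIDATION_SUCCESS) can be inspected offline.

MAX_UINT48 = (1 << 48) - 1
MASK_160 = (1 << 160) - 1

VALIDATION_SUCCESS = 0   # what the finding says K1Validator returns
SIG_VALIDATION_FAILED = 1  # ERC-4337 sentinel: aggregator field == 1


def pack_validation_data(aggregator: int, valid_until: int, valid_after: int) -> int:
    """Mirror of Helpers.sol _packValidationData (constructed reimplementation)."""
    if not 0 <= aggregator <= MASK_160:
        raise ValueError("aggregator must fit in 160 bits")
    for ts in (valid_until, valid_after):
        if not 0 <= ts <= MAX_UINT48:
            raise ValueError("timestamps must fit in 48 bits")
    return aggregator | (valid_until << 160) | (valid_after << 208)


def parse_validation_data(validation_data: int) -> tuple[int, int, int]:
    """Mirror of _parseValidationData: returns (aggregator, validUntil, validAfter).

    A validUntil of 0 is interpreted as 'no expiry' (type(uint48).max), which is
    exactly what a bare VALIDATION_SUCCESS of 0 produces.
    """
    aggregator = validation_data & MASK_160
    valid_until = (validation_data >> 160) & MAX_UINT48
    if valid_until == 0:
        valid_until = MAX_UINT48
    valid_after = (validation_data >> 208) & MAX_UINT48
    return aggregator, valid_until, valid_after


def signature_failed(validation_data: int) -> bool:
    """True when the aggregator field carries the SIG_VALIDATION_FAILED sentinel."""
    aggregator, _, _ = parse_validation_data(validation_data)
    return aggregator == SIG_VALIDATION_FAILED


def out_of_time_range(validation_data: int, block_timestamp: int) -> bool:
    """Mirror of the EntryPoint's _getValidationData time check.

    A validationData of 0 short-circuits to 'in range' before any parsing,
    so an op validated with VALIDATION_SUCCESS is accepted at any timestamp.
    """
    if validation_data == 0:
        return False
    _, valid_until, valid_after = parse_validation_data(validation_data)
    return block_timestamp > valid_until or block_timestamp < valid_after


if __name__ == "__main__":
    # Constructed timestamps: a one-hour window starting at 1_700_000_000.
    window_start, window_end = 1_700_000_000, 1_700_003_600
    bounded = pack_validation_data(0, window_end, window_start)

    print("bare VALIDATION_SUCCESS parses to", parse_validation_data(VALIDATION_SUCCESS))
    print("bounded value parses to        ", parse_validation_data(bounded))
    for ts in (window_start - 1, window_start, window_end, window_end + 1):
        print(f"ts={ts}: bare rejected={out_of_time_range(VALIDATION_SUCCESS, ts)}, "
              f"bounded rejected={out_of_time_range(bounded, ts)}")
```

Running the module shows the bare 0 accepted at every timestamp and the bounded value rejected one second before the window opens and one second after it closes; the boundaries themselves are inclusive, matching the EntryPoint's strict comparisons.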
https://eips.ethereum.org/EIPS/eip-4337
Invalid, this check is performed in the entry point contract as seen in these instances [here](https://github.com/eth-infinitism/account-abstraction/blob/develop/contracts/core/EntryPoint.sol#L605) --> [here](https://github.com/eth-infinitism/account-abstraction/blob/develop/contracts/core/EntryPoint.sol#L574-L576)