HardhatFoundry
30,000 USDC
Submission Details
Severity: low
Valid

`Nexus.validateUserOp()` violates the EIP-4337 specification

Summary

`validateUserOp()` in Nexus accounts does not revert when the specified validator is not installed, violating the EIP-4337 specification.

Vulnerability Details

According to EIP-4337, `validateUserOp()` must revert if it encounters any error other than a signature mismatch (i.e. `PackedUserOperation.signature` is not a valid signature of `userOpHash`):

> If the account does not support signature aggregation, it MUST validate the signature is a valid signature of the userOpHash, and SHOULD return SIG_VALIDATION_FAILED (and not revert) on signature mismatch. Any other error MUST revert.

However, if the validator specified in `PackedUserOperation.nonce` is not installed in the smart account, `Nexus.validateUserOp()` returns `SIG_VALIDATION_FAILED` instead of reverting:

Nexus.sol#L104-L105

```solidity
// Check if validator is not enabled. If not, return VALIDATION_FAILED.
if (!_isValidatorInstalled(validator)) return VALIDATION_FAILED;
```

This violates the EIP-4337 specification: a validator not being installed is not a mismatch between `userOpHash` and the signature provided, so the function should revert.
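
The two outcomes the quoted rule distinguishes, as an added Foundry test that is not part of the submission or of Nexus: `ToyAccount`, its storage layout and its simplified `validateUserOp` signature are hypothetical, the hash is constructed, and forge-std is assumed to be installed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Toy account (hypothetical, not Nexus): one signer per installed validator.
contract ToyAccount {
    uint256 internal constant VALIDATION_SUCCESS = 0;
    uint256 internal constant VALIDATION_FAILED = 1; // EIP-4337 SIG_VALIDATION_FAILED

    error InvalidModule(address module);

    mapping(address => address) public signerOf; // zero address = not installed

    constructor(address validator, address signer) {
        signerOf[validator] = signer;
    }

    // Simplified signature; the real validateUserOp takes a PackedUserOperation.
    function validateUserOp(address validator, bytes32 userOpHash, uint8 v, bytes32 r, bytes32 s)
        external view returns (uint256)
    {
        address expected = signerOf[validator];
        // A missing validator is not a signature mismatch: revert.
        if (expected == address(0)) revert InvalidModule(validator);
        // Signature mismatch (or unrecoverable signature): return, do not revert.
        if (ecrecover(userOpHash, v, r, s) != expected) return VALIDATION_FAILED;
        return VALIDATION_SUCCESS;
    }
}

contract ToyAccountTest is Test {
    address validator = address(0xA11CE);
    bytes32 userOpHash = keccak256("constructed userOpHash");
    ToyAccount account;

    function setUp() public {
        account = new ToyAccount(validator, vm.addr(1));
    }

    function test_outcomes() public {
        (uint8 v, bytes32 r, bytes32 s) = vm.sign(1, userOpHash);
        assertEq(account.validateUserOp(validator, userOpHash, v, r, s), 0);
        (v, r, s) = vm.sign(2, userOpHash); // wrong key: mismatch is returned, not reverted
        assertEq(account.validateUserOp(validator, userOpHash, v, r, s), 1);
        vm.expectRevert(abi.encodeWithSelector(ToyAccount.InvalidModule.selector, address(0xBEEF)));
        account.validateUserOp(address(0xBEEF), userOpHash, v, r, s);
    }
}
```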

Impact

Violation of the EIP-4337 specification could break composability with the EntryPoint contract and cause integration issues.

Recommendations

Instead of returning `VALIDATION_FAILED`, the function should revert:

- if (!_isValidatorInstalled(validator)) return VALIDATION_FAILED;
+ require(_isValidatorInstalled(validator), InvalidModule(validator));
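
Review bot: on the `+` line, `require(condition, CustomError(args))` only compiles on Solidity 0.8.26 or later (and in 0.8.26 only through the via-IR pipeline), so confirm the compiler version before taking the line as written; `if (!_isValidatorInstalled(validator)) revert InvalidModule(validator);` behaves the same and compiles on earlier 0.8.x releases. The comment that sits above the replaced line in Nexus.sol ("If not, return VALIDATION_FAILED") should be updated in the same change, and the hunk does not show where `InvalidModule` is declared, so check that the error is in scope.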

Updates

Lead Judging Commences

0xnevi Lead Judge 10 months ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-validateUserOp-revert-return-validator-failed

The argument for medium severity here is the potential inconsistencies with external integrations when validation does not revert during execution called from the entrypoint contract. Similar to issue #200, the impact is arguable, so would leave open for arguments during appeals period.

Appeal created

adriro Judge
10 months ago
0xnevi Lead Judge
10 months ago