HardhatFoundry
30,000 USDC
Submission Details
Severity: low
Valid

`Nexus.validateUserOp()` violates the EIP-4337 specification

Summary

validateUserOp() in Nexus accounts does not revert when the specified validator is not installed, violating the EIP-4337 specification.

Vulnerability Details

According to EIP-4337, validateUserOp() must revert if it encounters any error apart from a signature mismatch (i.e. PackedUserOperation.signature is not a valid signature of userOpHash):

If the account does not support signature aggregation, it MUST validate the signature is a valid signature of the userOpHash, and SHOULD return SIG_VALIDATION_FAILED (and not revert) on signature mismatch. Any other error MUST revert.

However, if the validator specified in PackedUserOperation.nonce is not installed in the smart account, Nexus.validateUserOp() returns SIG_VALIDATION_FAILED instead of reverting:

Nexus.sol#L104-L105

// Check if validator is not enabled. If not, return VALIDATION_FAILED.
if (!_isValidatorInstalled(validator)) return VALIDATION_FAILED;

This violates the EIP-4337 specification: a validator not being installed is not a mismatch between userOpHash and the signature provided, so the function should revert.
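
The two behaviours side by side, as an added example that is not the Nexus source or the submitter's code. Assumptions: the simplified `MiniUserOp` struct, the `IMiniValidator` interface, the `installed` mapping, and the validator address being carried in the top 160 bits of the nonce are all constructed for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed, simplified model; not the Nexus source. Only the fields the
// check needs are kept from PackedUserOperation.
struct MiniUserOp {
    uint256 nonce;   // assumption: validator address sits in the top 160 bits
    bytes signature;
}

interface IMiniValidator {
    // Returns 0 on a valid signature, 1 (SIG_VALIDATION_FAILED) on mismatch.
    function validateUserOp(MiniUserOp calldata op, bytes32 userOpHash) external returns (uint256);
}

contract MiniAccount {
    uint256 internal constant SIG_VALIDATION_FAILED = 1;
    error InvalidModule(address module);

    address public immutable entryPoint;
    mapping(address => bool) public installed; // hypothetical validator registry

    constructor(address entryPoint_, address validator_) {
        entryPoint = entryPoint_;
        installed[validator_] = true;
    }

    // Behaviour reported in the finding: a missing validator is reported as if
    // it were a signature mismatch.
    function validateUserOpAsReported(MiniUserOp calldata op, bytes32 userOpHash) external returns (uint256) {
        require(msg.sender == entryPoint, "not EntryPoint");
        address validator = address(uint160(op.nonce >> 96));
        if (!installed[validator]) return SIG_VALIDATION_FAILED;
        return IMiniValidator(validator).validateUserOp(op, userOpHash);
    }

    // EIP-4337 behaviour: only a signature mismatch may surface as
    // SIG_VALIDATION_FAILED; a missing validator is "any other error" and reverts.
    function validateUserOpPerSpec(MiniUserOp calldata op, bytes32 userOpHash) external returns (uint256) {
        require(msg.sender == entryPoint, "not EntryPoint");
        address validator = address(uint160(op.nonce >> 96));
        if (!installed[validator]) revert InvalidModule(validator);
        return IMiniValidator(validator).validateUserOp(op, userOpHash);
    }
}
```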

Impact

Violation of the EIP-4337 specification could break composability with the EntryPoint contract and cause integration issues.

Recommendations

Instead of returning VALIDATION_FAILED, the function should revert:

- if (!_isValidatorInstalled(validator)) return VALIDATION_FAILED;
+ require(_isValidatorInstalled(validator), InvalidModule(validator));
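
Review bot: On the added `require(_isValidatorInstalled(validator), InvalidModule(validator));` line, passing a custom error as the second argument to `require` is only accepted by Solidity 0.8.26 and later (via-IR only in 0.8.26, legacy pipeline from 0.8.27), so unless the project's compiler version is known to support it, write the check as `if (!_isValidatorInstalled(validator)) revert InvalidModule(validator);`. The comment quoted from Nexus.sol#L104 ("If not, return VALIDATION_FAILED.") sits directly above the changed line and should be updated in the same change, and the hunk does not show where `InvalidModule` is declared.
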
Updates

Lead Judging Commences

0xnevi Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-validateUserOp-revert-return-validator-failed

The argument for medium severity here is the potential inconsistencies with external integrations when validation does not revert during execution called from the entrypoint contract. Similar to issue #200, the impact is arguable, so would leave open for arguments during appeals period.

Appeal created

adriro Judge
about 1 year ago
0xnevi Lead Judge
about 1 year ago