Biconomy: Nexus
Biconomy
HardhatFoundry
30,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Potential for Denial of Service (DoS) in Validator Management

nexarion

Summary

The smart contract ensures that at least one validator is always present to maintain the account's functionality. However, I noticed no mechanism to ensure that at least one validator is functional. If all but one validator becomes non-functional, the account could become locked, as the last validator cannot be removed or replaced. This situation can lead to a denial of service (DoS), preventing the account from performing any actions that require validator approval.

Vulnerability Details

Here is the code:

https://github.com/Cyfrin/2024-07-biconomy/blob/9590f25cd63f7ad2c54feb618036984774f3879d/contracts/base/ModuleManager.sol#L216-L227

The _uninstallValidator function in ModuleManager.sol includes a check to prevent the removal of the last validator:

function _uninstallValidator(address validator, bytes calldata data) internal virtual {
SentinelListLib.SentinelList storage validators = _getAccountStorage().validators;
(address prev, bytes memory disableModuleData) = abi.decode(data, (address, bytes));
// Check if the account has at least one validator installed before proceeding
// Having at least one validator is a requirement for the account to function properly
require(!(prev == address(0x01) && validators.getNext(validator) == address(0x01)), CannotRemoveLastValidator());
validators.pop(prev, validator);
IValidator(validator).onUninstall(disableModuleData);
}

This check ensures that the account always has at least one validator. However, if all but one validator becomes non-functional due to bugs, external dependencies, or malicious actions, the account could become locked. The smart account owner would be unable to remove the non-functional validator and replace it with a new one, leading to a denial of service.

Impact

The impact of this vulnerability is a potential denial of service (DoS) where the smart account becomes locked and unable to perform any actions that require validator approval. This could severely affect the functionality and usability of the smart account, rendering it inoperative until the issue is resolved.

Tools Used

  • Manual code review

Recommendations

To mitigate this vulnerability, consider implementing the following measures:

  1. Health Checks: Implement health checks for validators to ensure they are functional. If a validator is found to be non-functional, it should be flagged, and the smart account owner should be notified. This can be done by periodically calling a function on the validator to ensure it responds correctly.

  2. Grace Period: Allow a grace period during which the last validator can be replaced if it is found to be non-functional. This can be achieved by temporarily relaxing the restriction on removing the last validator. For example, allow the removal of the last validator if it has been flagged as non-functional for a certain period.

  3. Fallback Mechanism: Implement a fallback mechanism that allows the smart account owner to replace a non-functional validator with a new one, even if it is the last validator.

Updates

Lead Judging Commences

0xnevi Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
Assigned finding tags:

finding-no-executor-module-left

Invalid, known issue: > Validator management > - A Nexus Smart Account could be locked forever if the owner installs a validator in the wrong way and does remove all other valid validators

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.