HardhatFoundry
30,000 USDC
View results
Submission Details
Severity: medium
Invalid

Once a module has been installed, it may not be uninstalled

Summary

Once a module has been installed, it may not be uninstalled, leading to a Denial of Service (DoS) on the Nexus::uninstallModule(uint256, address, bytes calldata) function for this module.

Vulnerability Details

When a module is installed, it may not be uninstalled using the function Nexus::uninstallModule(uint256, address, bytes calldata). This is because the module could revert the whole transaction when the function IModule::onUninstall(bytes calldata) is called on it during the execution of Nexus::uninstallModule(uint256, address, bytes calldata). This behavior could lead to a DoS on the uninstallModule function for a given module. The vulnerability lies in the fact that the only way to uninstall a module relies on a function of the module itself.

Proof of Code

contract ModuleHook is IHook {
uint constant hookId = 1;
function preCheck(address msgSender, uint256 msgValue, bytes calldata msgData) external returns (bytes memory hookData) {
// code
}
function postCheck(bytes calldata hookData) external {
// code
}
function onUninstall(bytes calldata data) external {
revert();
}
function onInstall(bytes calldata data) external {
// Installation code
}
function isModuleType(uint256 moduleTypeId) external view returns (bool) {
return hookId == moduleTypeId;
}
function isInitialized(address smartAccount) external view returns (bool) {
// Initialization code
}
}

If a user chooses to install this Hook module for any reason on their Nexus account, it cannot be uninstalled due to the call to the ModuleHook::onUninstall(bytes calldata data) function during the execution of Nexus::uninstallModule(uint256, address, bytes calldata).

Impact

The impact of this vulnerability could lead to a DoS on the Nexus::uninstallModule(uint256, address, bytes calldata) function, preventing the uninstallation of a given module.

Tools Used

Manual review

Recommendations

To resolve this issue, it is recommended to add a Nexus::forceUninstallModule(uint256 moduleTypeId, address module, bytes calldata deInitData) function. This function should allow a user to force the uninstallation of a module from their Nexus Account without invoking any functions on the module itself. By bypassing the module's internal functions, this approach prevents a module from causing a Denial of Service (DoS) during the uninstallation process, ensuring the integrity and functionality of the Nexus system.

Updates

Lead Judging Commences

0xnevi Lead Judge
about 1 year ago
0xnevi Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue

Appeal created

forgetfore1 Submitter
about 1 year ago
0xnevi Lead Judge
about 1 year ago
0xnevi Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Known issue

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.