The installModule
function in Nexus.sol
calls _installModule
to add a new module to the smart account. However, _installModule
lacks a check to revert if the module is already enabled. This violates the requirements of EIP-7579, which mandates reverting if the module is already enabled.
Without this check, the system allows redundant installations of modules, which can lead to potential security risks & unnecessary consumption of resources. This behavior does not comply with EIP-7579, potentially compromising the integrity of the modular smart account system.
Add a check in the _installModule
function to verify if the module is already installed. If it is, revert the transaction to prevent redundant installations. Ensure that the ModuleAlreadyInstalled
error is defined and used appropriately within the function.
Invalid per comments [here](https://github.com/Cyfrin/2024-07-biconomy/blob/9590f25cd63f7ad2c54feb618036984774f3879d/contracts/base/ModuleManager.sol#L185-L186), with checks implemented [in this contract here](https://github.com/rhinestonewtf/sentinellist/blob/main/src/SentinelList.sol)
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.