HardhatFoundry
30,000 USDC
Submission Details
Severity: low
Invalid

`_installModule` doesn't revert if module is already enabled, which is not in compliance with ERC7579

GitHub
https://github.com/Cyfrin/2024-07-biconomy/blob/9590f25cd63f7ad2c54feb618036984774f3879d/contracts/Nexus.sol#L187-L190

Summary

The installModule function in Nexus.sol calls _installModule to add a new module to the smart account. However, _installModule lacks a check to revert if the module is already enabled. This violates the requirements of EIP-7579, which mandates reverting if the module is already enabled.

Impact

Without this check, the system allows redundant installations of modules, which can lead to potential security risks & unnecessary consumption of resources. This behavior does not comply with EIP-7579, potentially compromising the integrity of the modular smart account system.

Recommendation

Add a check in the _installModule function to verify if the module is already installed. If it is, revert the transaction to prevent redundant installations. Ensure that the ModuleAlreadyInstalled error is defined and used appropriately within the function.

Updates

Lead Judging Commences

0xnevi Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
Assigned finding tags:

finding-ERC7579-does-not-revert-when-module-installed

Invalid per comments [here](https://github.com/Cyfrin/2024-07-biconomy/blob/9590f25cd63f7ad2c54feb618036984774f3879d/contracts/base/ModuleManager.sol#L185-L186), with checks implemented [in this contract here](https://github.com/rhinestonewtf/sentinellist/blob/main/src/SentinelList.sol)
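The judge's comment places the duplicate check in the linked list that stores modules rather than in `_installModule` itself. The sketch below is an added illustration of that pattern, not code from the submission, Nexus or the SentinelList repository; the contract, function and error names are hypothetical, and it assumes a zero "next" pointer marks an address as absent from the list.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration: a minimal sentinel-terminated linked list of modules.
/// All names are hypothetical; this is not the Nexus or SentinelList source.
contract SentinelModuleListSketch {
    // Marker address that is both the head and the terminator of the list.
    address internal constant SENTINEL = address(0x1);

    // entry => next entry. Assumption: a zero "next" pointer means "not in the list".
    mapping(address => address) internal next;

    error InvalidEntry(address entry);
    error EntryAlreadyInList(address entry);

    constructor() {
        // Empty list: the sentinel points to itself.
        next[SENTINEL] = SENTINEL;
    }

    /// The duplicate check lives in the insert operation, so any caller that
    /// installs a module by pushing it inherits the revert-on-duplicate rule.
    function push(address module) public {
        if (module == address(0) || module == SENTINEL) revert InvalidEntry(module);
        // An entry already in the list has a non-zero next pointer
        // (another entry, or SENTINEL if it is the tail).
        if (next[module] != address(0)) revert EntryAlreadyInList(module);
        next[module] = next[SENTINEL];
        next[SENTINEL] = module;
    }

    function contains(address module) public view returns (bool) {
        return module != SENTINEL && next[module] != address(0);
    }

    /// Hypothetical install path with no explicit "already installed" guard.
    /// A second call with the same module still reverts, inside push(),
    /// before any module initialisation hook would run.
    function installModule(address module) external {
        push(module);
        // A real account would call the module's install hook here.
    }
}
```

When reviewing an install path for this class of finding, follow the call into the storage structure before concluding that the revert is missing.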
