🔒 M-05 - Revert on Validator Not Installed in validateUserOp() #121
…functions in TestK1Validator
…t instead of returning invalid
…of returning invalid
…of returning invalid
Codecov Report
Attention: Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## remediations/cantina-spearbit #121 +/- ##
=================================================================
- Coverage 75.67% 75.61% -0.07%
=================================================================
Files 13 13
Lines 666 693 +27
Branches 154 141 -13
=================================================================
+ Hits 504 524 +20
- Misses 162 169 +7
left comment. almost approved..
│ └── it should fail the validation | ||
└── when validating user operation with an invalid user address | ||
└── it should fail the validation | ||
├── when validating user operations with a valid signature and sufficient funds |
not sure if this is making any sense..
├── when validating user operations with an invalid signature
│ └── it should fail validation with InvalidModule error
├── when validating user operations with an invalid nonce
│ └── it should fail validation with InvalidModule error
├── when validating user operations with an invalid nonce and valid signature
│ └── it should fail validation with InvalidModule error
└── when validating user operations with an invalid user address
└── it should fail validation with InvalidModule error
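Review bot: the "invalid signature" case in this tree expects a revert with InvalidModule, which names the wrong failure; a bad signature on an installed validator is not a module problem. Either scope these cases explicitly to "validator not installed" in the branch titles, or keep a separate invalid-signature case that expects the validation-failed return value, so the spec does not suggest that every invalid input ends in the same revert reason.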
why not
test/foundry/unit/concrete/erc4337account/TestERC4337Account_ValidateUserOp.t.sol
@Aboudjem have a look over the comments, if there is no way to improve the error handling at least change revert reason name as Chirag suggested
this is the relevant part of the EIP
If the account does not support signature aggregation, it MUST validate that the signature is a valid signature of the userOpHash, and SHOULD return SIG_VALIDATION_FAILED (and not revert) on signature mismatch. Any other error MUST revert.
contracts/Nexus.sol
// Check if validator is not enabled. If not, return VALIDATION_FAILED. | ||
if (!_isValidatorInstalled(validator)) return VALIDATION_FAILED; | ||
// Check if validator is not enabled. If not, revert. | ||
require(_isValidatorInstalled(validator), InvalidModule(validator)); |
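Review bot: the new comment above the require still reads as a double negative ("Check if validator is not enabled. If not, revert.") and says "enabled" while the check is _isValidatorInstalled; something like "Revert if the validator is not installed." matches the code. It is also worth confirming that a plain signature mismatch in this function still returns VALIDATION_FAILED instead of reverting, since the EIP text quoted in this thread asks for a return on mismatch and a revert only for other errors.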
this should then also apply to both if and else branches in https://github.com/bcnmy/nexus/pull/139/files as both branches there return this constant
so there are two functions, and implementation recap
/// @notice Ensures the message sender is a registered executor module.
some foundry tests may fail now as I haven't built and checked. but I have made code changes and made sure 1. it compiles 2. hardhat tests run.
I also need final review on stage of validateUserOp, as it may have bricked enable mode logic so please @filmakarov
there is one doubt now, we are never returning VALIDATION_FAILED in this function. wdyt? @MrToph
I agree that it should revert always but when signature is actually invalid. As for enable mode, it shouldn't be bricked, as it is always an already installed validator now in the nonce, so I'm fine with merging it as soon as corresponding tests pass
tests are passing now. please check latest commit
🤖 Slither Analysis Report 🔎
# Slither report
_This comment was automatically generated by the GitHub Actions workflow._
THIS CHECKLIST IS NOT COMPLETE. Use
constable-states
Impact: Optimization
8199fab into remediations/cantina-spearbit
What's the point of this require statement for enableMode?
M-05. Nexus.validateUserOp() violates the EIP-4337 specification
validateUserOp() does not revert when the validator is not installed.
validateUserOp.
return VALIDATION_FAILED with require(_isValidatorInstalled(validator), InvalidModule(validator)).
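The revert-versus-return split discussed in this PR, as an added example that is not code from the Nexus repository. `MinimalAccount`, `IValidatorLike`, `NotEntryPoint` and the nonce layout are hypothetical; `InvalidModule` and the `require` form mirror the diff in this PR.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.27; // require(bool, CustomError) needs a recent 0.8.x compiler

// ERC-4337 v0.7 packed user operation.
struct PackedUserOperation {
    address sender;
    uint256 nonce;
    bytes initCode;
    bytes callData;
    bytes32 accountGasLimits;
    uint256 preVerificationGas;
    bytes32 gasFees;
    bytes paymasterAndData;
    bytes signature;
}

// Hypothetical validator interface: returns 0 when the signature is valid,
// 1 (SIG_VALIDATION_FAILED) on signature mismatch, and does not revert for that case.
interface IValidatorLike {
    function validateUserOp(PackedUserOperation calldata op, bytes32 userOpHash)
        external
        returns (uint256);
}

// Hypothetical account, reduced to the validation path.
contract MinimalAccount {
    error InvalidModule(address module);
    error NotEntryPoint(address caller);

    address public immutable entryPoint;
    mapping(address => bool) private _installed; // installed validator modules

    constructor(address entryPoint_, address initialValidator) {
        entryPoint = entryPoint_;
        _installed[initialValidator] = true;
    }

    function validateUserOp(PackedUserOperation calldata op, bytes32 userOpHash, uint256)
        external
        returns (uint256 validationData)
    {
        // "Any other error MUST revert": wrong caller or unknown validator.
        require(msg.sender == entryPoint, NotEntryPoint(msg.sender));
        // Assumed layout: validator address in the low 20 bytes of the 192-bit nonce key.
        address validator = address(uint160(op.nonce >> 64));
        require(_installed[validator], InvalidModule(validator));
        // Signature mismatch is the only failure reported by return value.
        validationData = IValidatorLike(validator).validateUserOp(op, userOpHash);
    }
}
```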