M-01 MitigationConfirmed #5

c4-bot-3 · 2024-04-10T03:21:57Z

Lines of code

Vulnerability details

Comments

In the original MagicSpend implementation there were insufficient checks that the MagicSpend contract had enough ETH to cover all the withdrawal requests in a UserOps bundle.

Mitigation

To mitigate this _validateRequest (called inside of validatePaymasterUserOp) allows requests to only request a fraction of the contracts ether balance meaning maxWithdrawDenominator amount of requests could be processed in a UserOps bundle without the contract unexpectedly running out of funds to cover withdrawals.

Conclusion

The mitigations made should fix this issue, providing maxWithdrawDenominator is set to a high enough value to cover the maximum possible user operations that can put into a single UserOps bundle.

However as the withdraw function also calls _validateRequest it is necessary that the contract has maxWithdrawDenominator times more than the maximum withdraw amount that can be signed for else their otherwise valid WithdrawRequest's will revert.

The text was updated successfully, but these errors were encountered:

c4-judge · 2024-04-11T12:11:16Z

3docSec marked the issue as satisfactory

c4-bot-3 added mitigation-confirmed MR-M-01 labels Apr 10, 2024

c4-bot-5 added a commit that referenced this issue Apr 10, 2024

McToady issue #5

ddc8586

c4-judge added the satisfactory satisfies C4 submission criteria; eligible for awards label Apr 11, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

M-01 MitigationConfirmed #5

M-01 MitigationConfirmed #5

c4-bot-3 commented Apr 10, 2024

c4-judge commented Apr 11, 2024