🔒 H-03 - Enforce Registry Calls Before Module Setup to Comply with EIP-7484 #115

Merged
merged 2 commits into from
Aug 5, 2024

@Aboudjem Aboudjem commented Jul 29, 2024

H-03. Registry is never called when setting up modules using the Bootstrap contract

Issue: In the Bootstrap contract, the registry is never called as modules are installed before calling _configureRegistry(), violating the EIP-7484 spec.

Fix: Called _configureRegistry() before installing modules to ensure the registry is queried as required.

Summary of Fixes:

  • Adjusted the order of operations in the Bootstrap contract functions to call _configureRegistry() before installing modules, ensuring compliance with EIP-7484.
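
The ordering problem described above, as an added Solidity sketch that is not the project's code. `RegistryAdapterSketch`, `BootstrapSketch`, `IRegistrySketch`, `initBefore` and `initAfter` are hypothetical names, and the sketch assumes the registry check is skipped while no registry is configured.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical minimal registry interface: one query that reverts
// when the module is not attested for the given module type.
interface IRegistrySketch {
    function check(address module, uint256 moduleType) external view;
}

// Hypothetical, simplified stand-in for an account's registry adapter.
contract RegistryAdapterSketch {
    IRegistrySketch public registry; // address(0) until configured

    function _configureRegistry(IRegistrySketch newRegistry) internal {
        registry = newRegistry;
    }

    // Assumption: the query is skipped when no registry is set,
    // which is why the order of operations matters.
    modifier withRegistry(address module, uint256 moduleType) {
        IRegistrySketch r = registry;
        if (address(r) != address(0)) r.check(module, moduleType);
        _;
    }
}

contract BootstrapSketch is RegistryAdapterSketch {
    uint256 internal constant TYPE_VALIDATOR = 1; // ERC-7579 validator type
    mapping(address => bool) public installed;

    function _installValidator(address module)
        internal
        withRegistry(module, TYPE_VALIDATOR)
    {
        installed[module] = true;
    }

    // Before the fix: registry is still address(0) during the install,
    // so check() never runs for the bootstrap modules.
    function initBefore(address validator, IRegistrySketch newRegistry) external {
        _installValidator(validator);
        _configureRegistry(newRegistry);
    }

    // After the fix: the registry is set first, so the install is checked
    // and reverts if the registry rejects the module.
    function initAfter(address validator, IRegistrySketch newRegistry) external {
        _configureRegistry(newRegistry);
        _installValidator(validator);
    }
}
```

A regression test for this kind of fix can deploy a registry mock whose `check` always reverts and assert that `initAfter` reverts while `initBefore` does not.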


github-actions bot commented Jul 29, 2024

Changes to gas cost

Generated at commit: d9c7017956f61d7862f4e96c9ab127ea41027124, compared to commit: 082591d3383b367bc1a9e9ba40c7042e7af6187a

🧾 Summary (5% most significant diffs)

| Contract | Method | Avg (+/-) | % |
| --- | --- | --- | --- |
| Bootstrap | initNexusScoped | +677 ❌ | +0.83% |
| Nexus | initializeAccount | +677 ❌ | +0.52% |

Full diff report 👇
| Contract | Deployment Cost (+/-) | Method | Min (+/-) | % | Avg (+/-) | % | Median (+/-) | % | Max (+/-) | % | # Calls (+/-) |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Bootstrap | 2,429,946 (-22,794) | initNexusScoped | 62,207 (+677) | +1.10% | 82,042 (+677) | +0.83% | 82,107 (+677) | +0.83% | 82,107 (+677) | +0.83% | 309 (0) |
| Nexus | 5,401,892 (0) | initializeAccount | 110,748 (+677) | +0.62% | 130,583 (+677) | +0.52% | 130,648 (+677) | +0.52% | 130,648 (+677) | +0.52% | 309 (0) |
| NexusAccountFactory | 816,559 (0) | createAccount | 212,343 (+677) | +0.32% | 229,964 (+677) | +0.30% | 232,483 (+677) | +0.29% | 232,483 (+677) | +0.29% | 8 (0) |

@Aboudjem Aboudjem changed the title refactor Bootstrap contract to improve code organization 🔒️ h03 - refactor Bootstrap contract to improve code organization Jul 29, 2024
@livingrockrises

Description is wrong at the bottom. Why is this copy-pasted here?

These changes address critical security issues by ensuring proper handling of msg.value, preventing ETH from getting stuck in factory contracts, and ensuring the registry is correctly queried when setting up modules. This enhances the security and reliability of the Nexus smart contracts.

@Aboudjem Aboudjem changed the title 🔒️ h03 - refactor Bootstrap contract to improve code organization 🔒 H-03 - Enforce Registry Calls Before Module Setup to Comply with EIP-7484 Jul 31, 2024

github-actions bot commented Aug 2, 2024

🤖 Slither Analysis Report 🔎

# Slither report

THIS CHECKLIST IS NOT COMPLETE. Use --show-ignored-findings to show all the results.
Summary

constable-states

Impact: Optimization
🔴 Confidence: High

base/RegistryAdapter.sol#L12

factory/RegistryFactory.sol#L39

_This comment was automatically generated by the GitHub Actions workflow._


🔒 H-03 - Enforce Registry Calls Before Module Setup to Comply with EIP-7484

Generated at commit: 32e12fb8bc3f4ab19662fb1ab2b550335b3d637c

🚨 Report Summary

| | Severity Level | Results |
| --- | --- | --- |
| Contracts | Critical | 0 |
| | High | 1 |
| | Medium | 0 |
| | Low | 6 |
| | Note | 24 |
| | Total | 31 |

For more details view the full report in OpenZeppelin Code Inspector


codecov bot commented Aug 2, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 71.17%. Comparing base (082591d) to head (32e12fb).

Additional details and impacted files
@@                Coverage Diff                @@
##           fix/security-h02     #115   +/-   ##
=================================================
  Coverage             71.17%   71.17%           
=================================================
  Files                    13       13           
  Lines                   680      680           
  Branches                151      127   -24     
=================================================
  Hits                    484      484           
  Misses                  196      196           

| Files | Coverage Δ |
| --- | --- |
| contracts/utils/RegistryBootstrap.sol | 100.00% <100.00%> (ø) |

Δ = absolute <relative> (impact), ø = not affected, ? = missing data

@livingrockrises livingrockrises merged commit a1c968d into fix/security-h02 Aug 5, 2024
9 of 11 checks passed
@livingrockrises livingrockrises deleted the fix/security-h03 branch August 5, 2024 15:14