Fix Finding #19: Ensure Validator Module Type Check in Enable Mode #126

@Aboudjem Aboudjem commented Aug 1, 2024

  • Ensures proper validation of module type during enable mode in validateUserOp.
  • Adds a check to confirm the module type is a validator.
  • Prevents bypassing validation by non-validator module types.

github-actions bot commented Aug 1, 2024

🤖 Slither Analysis Report 🔎

# Slither report

THIS CHECKLIST IS NOT COMPLETE. Use --show-ignored-findings to show all the results.
Summary

constable-states

Impact: Optimization
🔴 Confidence: High

base/RegistryAdapter.sol#L12

factory/RegistryFactory.sol#L39

_This comment was automatically generated by the GitHub Actions workflow._

github-actions bot commented Aug 1, 2024

Changes to gas cost

Generated at commit: a80555e126e4eb373b508e76e9193070fca89cb1, compared to commit: 748efe15f009896a48f10d1afe004bcb6feccb47

🧾 Summary (5% most significant diffs)

Contract Method Avg (+/-) %

Full diff report 👇
Contract Deployment Cost (+/-) Method Min (+/-) % Avg (+/-) % Median (+/-) % Max (+/-) % # Calls (+/-)
Nexus 5,422,115 (+23,847)

Fix Finding #19: Ensure Validator Module Type Check in Enable Mode

Generated at commit: 4d0c1196e97c3d3b50d8cb749fff4000878b4642

🚨 Report Summary

Contracts
Severity Level    Results
Critical          0
High              1
Medium            0
Low               6
Note              24
Total             31

For more details view the full report in OpenZeppelin Code Inspector

codecov bot commented Aug 1, 2024

Codecov Report

Attention: Patch coverage is 83.33333% with 1 line in your changes missing coverage. Please review.

Project coverage is 72.68%. Comparing base (748efe1) to head (4d0c119).

Files Patch % Lines
contracts/base/ModuleManager.sol 75.00% 1 Missing ⚠️
Additional details and impacted files
@@                            Coverage Diff                             @@
##           fix/finding-18-withdraw-deposit-memory     #126      +/-   ##
==========================================================================
+ Coverage                                   72.60%   72.68%   +0.08%     
==========================================================================
  Files                                          13       13              
  Lines                                         657      659       +2     
  Branches                                      123      149      +26     
==========================================================================
+ Hits                                          477      479       +2     
  Misses                                        180      180              
Files Coverage Δ
contracts/Nexus.sol 61.36% <100.00%> (+0.22%) ⬆️
contracts/base/ModuleManager.sol 85.44% <75.00%> (+0.09%) ⬆️

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 748efe1...4d0c119. Read the comment docs.

@Aboudjem Aboudjem requested review from filmakarov and livingrockrises and removed request for filmakarov August 1, 2024 16:57
@Aboudjem Aboudjem self-assigned this Aug 1, 2024
@@ -107,8 +107,10 @@ contract Nexus is INexus, BaseAccount, ExecutionHelper, ModuleManager, UUPSUpgra
} else {
PackedUserOperation memory userOp = op;
userOp.signature = _enableMode(validator, op.signature);
// Ensure the module being enabled is a validator
if (!_isValidatorInstalled(validator)) return VALIDATION_FAILED;
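Review bot: the `_isValidatorInstalled(validator)` check sits on the line after `userOp.signature = _enableMode(validator, op.signature);`, so the module type is only checked once `_enableMode` has already run for that module. If a non-validator type must never go through enable mode, reject it inside `_enableMode` before anything is installed, or state in the comment why install-then-check is intended. The inline comment should also say that it tests the installed state of `validator` rather than the type requested in the signature data, and the `return VALIDATION_FAILED` branch deserves a test that drives enable mode with a non-validator module type.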
Collaborator

We should modify the wiki then https://github.com/bcnmy/nexus/wiki/Modules#module-enable-mode here it states that ANY MODULE can be installed using enableMode @Aboudjem

Contributor Author

Right! @filmakarov @livingrockrises can you confirm it is the intended behavior?

Contributor

Fil's PR states this in finality
#112

Contributor Author

so should be closed?

@Aboudjem Aboudjem merged commit 4d0c119 into fix/finding-18-withdraw-deposit-memory Aug 12, 2024
9 of 11 checks passed
@Aboudjem Aboudjem deleted the fix/finding-19-enable-mode-validator-check branch August 12, 2024 19:35