fix: [ALC-2] check paymaster address in hook as well #309

Merged

@jaypaik jaypaik commented Nov 25, 2024

Due to the fact that the onInstall() callback at installation is optional, the paymasters[entityId][msg.sender] mapping could remain unset at installation, therefore potentially still resolving to the zero slot.

Summary by Octane

New Contracts

No new contracts were added in this PR.

Updated Contracts

  • PaymasterGuardModule.sol: The update adds a check for invalid paymasters by reverting if the paymaster address is zero.

🔗 Commit Hash: 7d30bdf
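
A minimal sketch of the zero-slot problem described in this PR, as an added example that is not the project's PaymasterGuardModule code. The contract name, function names, errors and the exact placement of the zero check are assumptions; the page does not show the module's source.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.26;

/// Hypothetical, simplified model of a paymaster guard (assumption, not project code).
contract PaymasterGuardSketch {
    // Unset entries of a Solidity mapping read as the zero value, here address(0).
    mapping(uint32 entityId => mapping(address account => address paymaster)) public paymasters;

    error BadPaymasterSpecified();
    error InvalidPaymaster();

    /// Install-time callback. The PR notes this callback is optional, so an
    /// account can end up with the hook active and no entry written here.
    function onInstall(uint32 entityId, address paymaster) external {
        if (paymaster == address(0)) revert InvalidPaymaster();
        paymasters[entityId][msg.sender] = paymaster;
    }

    /// Install-time validation only: if onInstall was skipped, the stored
    /// entry is address(0), so an operation whose paymaster field is also
    /// address(0) compares equal and the guard does not revert.
    function checkWithoutZeroGuard(uint32 entityId, address userOpPaymaster) external view {
        if (userOpPaymaster != paymasters[entityId][msg.sender]) {
            revert BadPaymasterSpecified();
        }
    }

    /// Hook-time validation as well: an unset (zero) entry is rejected
    /// before any comparison, so a skipped onInstall fails closed.
    function checkWithZeroGuard(uint32 entityId, address userOpPaymaster) external view {
        address expected = paymasters[entityId][msg.sender];
        if (expected == address(0)) revert InvalidPaymaster();
        if (userOpPaymaster != expected) revert BadPaymasterSpecified();
    }
}
```

Calling `checkWithoutZeroGuard(1, address(0))` from an account that never called `onInstall` returns without reverting, while `checkWithZeroGuard(1, address(0))` reverts with `InvalidPaymaster`.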

jaypaik commented Nov 25, 2024

This stack of pull requests is managed by Graphite. Learn more about stacking.

@jaypaik jaypaik marked this pull request as ready for review November 25, 2024 16:28
Contract sizes:

 | Contract                      | Runtime Size (B) | Initcode Size (B) | Runtime Margin (B) | Initcode Margin (B) |
 |-------------------------------|------------------|-------------------|--------------------|---------------------|
 | AccountFactory                |            6,121 |             6,595 |             18,455 |              42,557 |
 | AllowlistModule               |            9,602 |             9,629 |             14,974 |              39,523 |
 | ExecutionInstallDelegate      |            5,947 |             5,993 |             18,629 |              43,159 |
 | ModularAccount                |           22,134 |            22,533 |              2,442 |              26,619 |
 | NativeTokenLimitModule        |            4,583 |             4,610 |             19,993 |              44,542 |
-| PaymasterGuardModule          |            1,845 |             1,872 |             22,731 |              47,280 |
+| PaymasterGuardModule          |            1,827 |             1,854 |             22,749 |              47,298 |
 | SemiModularAccount7702        |           23,246 |            23,638 |              1,330 |              25,514 |
 | SemiModularAccountBytecode    |           23,728 |            24,127 |                848 |              25,025 |
 | SemiModularAccountStorageOnly |           24,227 |            24,626 |                349 |              24,526 |
 | SingleSignerValidationModule  |            3,646 |             3,673 |             20,930 |              45,479 |
 | TimeRangeModule               |            2,223 |             2,250 |             22,353 |              46,902 |
 | WebAuthnValidationModule      |            7,854 |             7,881 |             16,722 |              41,271 |
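
Review bot: In the PaymasterGuardModule row, runtime size falls from 1,845 B to 1,827 B (initcode from 1,872 B to 1,854 B), an 18 B reduction that the PR description, which only mentions an added check, does not account for. Please note in the description what was removed or restructured so the size change can be matched to the code change.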

Code coverage:

| File | % Lines | % Statements | % Branches | % Funcs |
|------|---------|--------------|------------|---------|
| src/account/AccountBase.sol | 100.00% (8/8) | 100.00% (7/7) | 100.00% (2/2) | 100.00% (4/4) |
| src/account/AccountStorageInitializable.sol | 100.00% (19/19) | 100.00% (26/26) | 100.00% (5/5) | 100.00% (2/2) |
| src/account/ModularAccount.sol | 100.00% (3/3) | 100.00% (6/6) | 100.00% (0/0) | 100.00% (3/3) |
| src/account/ModularAccountBase.sol | 98.98% (290/293) | 96.23% (357/371) | 77.59% (45/58) | 97.30% (36/37) |
| src/account/ModularAccountView.sol | 100.00% (29/29) | 100.00% (33/33) | 100.00% (3/3) | 100.00% (5/5) |
| src/account/ModuleManagerInternals.sol | 93.94% (62/66) | 95.24% (80/84) | 63.64% (7/11) | 100.00% (4/4) |
| src/account/SemiModularAccount7702.sol | 0.00% (0/6) | 0.00% (0/6) | 0.00% (0/1) | 0.00% (0/3) |
| src/account/SemiModularAccountBase.sol | 88.24% (60/68) | 91.84% (90/98) | 64.71% (11/17) | 100.00% (16/16) |
| src/account/SemiModularAccountBytecode.sol | 100.00% (6/6) | 100.00% (7/7) | 100.00% (1/1) | 100.00% (2/2) |
| src/account/SemiModularAccountStorageOnly.sol | 66.67% (4/6) | 50.00% (5/10) | 100.00% (0/0) | 33.33% (1/3) |
| src/account/TokenReceiver.sol | 33.33% (1/3) | 33.33% (1/3) | 100.00% (0/0) | 33.33% (1/3) |
| src/factory/AccountFactory.sol | 84.78% (39/46) | 87.10% (54/62) | 50.00% (3/6) | 62.50% (10/16) |
| src/helpers/ExecutionInstallDelegate.sol | 88.14% (52/59) | 89.47% (68/76) | 25.00% (2/8) | 100.00% (7/7) |
| src/libraries/ExecutionLib.sol | 99.64% (276/277) | 98.89% (268/271) | 90.91% (30/33) | 100.00% (24/24) |
| src/libraries/KnownSelectorsLib.sol | 100.00% (16/16) | 100.00% (34/34) | 100.00% (0/0) | 100.00% (2/2) |
| src/libraries/LinkedListSetLib.sol | 94.00% (47/50) | 96.25% (77/80) | 66.67% (4/6) | 100.00% (8/8) |
| src/libraries/MemManagementLib.sol | 100.00% (54/54) | 100.00% (70/70) | 100.00% (0/0) | 100.00% (12/12) |
| src/libraries/ModuleInstallCommonsLib.sol | 57.14% (8/14) | 42.11% (8/19) | 75.00% (3/4) | 100.00% (3/3) |
| src/libraries/ValidationLocatorLib.sol | 65.48% (55/84) | 70.97% (66/93) | 45.83% (11/24) | 85.00% (17/20) |
| src/modules/ModuleBase.sol | 100.00% (13/13) | 94.12% (16/17) | 100.00% (2/2) | 100.00% (3/3) |
| src/modules/permissions/AllowlistModule.sol | 86.21% (75/87) | 85.84% (97/113) | 78.26% (18/23) | 50.00% (9/18) |
| src/modules/permissions/NativeTokenLimitModule.sol | 89.13% (41/46) | 90.48% (57/63) | 100.00% (13/13) | 66.67% (8/12) |
| src/modules/permissions/PaymasterGuardModule.sol | 78.57% (11/14) | 78.95% (15/19) | 33.33% (1/3) | 71.43% (5/7) |
| src/modules/permissions/TimeRangeModule.sol | 89.47% (17/19) | 85.71% (24/28) | 100.00% (5/5) | 87.50% (7/8) |
| src/modules/validation/SingleSignerValidationModule.sol | 92.00% (23/25) | 81.58% (31/38) | 62.50% (5/8) | 90.00% (9/10) |
| src/modules/validation/WebAuthnValidationModule.sol | 61.11% (11/18) | 66.67% (18/27) | 100.00% (3/3) | 60.00% (6/10) |
| Total | 91.80% (1220/1329) | 91.21% (1515/1661) | 73.73% (174/236) | 84.30% (204/242) |

Overview

Octane AI analysis has finished. No vulnerabilities were found. Cheers! 🎉🎉🎉


🔗 Commit Hash: 7d30bdf

@jaypaik jaypaik merged commit d83d463 into develop Nov 25, 2024
7 checks passed
@jaypaik jaypaik deleted the 11-25-fix_alc-2_check_paymaster_address_in_hook_as_well branch November 25, 2024 19:03