Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

🔒 H-02 - Prevent Freezing of Funds in Factory Contracts #114

Merged
merged 5 commits into from
Aug 5, 2024
Merged

🔒 H-02 - Prevent Freezing of Funds in Factory Contracts #114

merged 5 commits into from
Aug 5, 2024

Conversation

Aboudjem
Copy link
Contributor

H-02. Freezing of user funds in factory contracts when alreadyDeployed is true

Issue: When a user tries to create a Nexus account that has already been deployed, the initial ETH deposit gets stuck in the factory contract. This can be exploited by attackers to perform griefing attacks.

Fix: Introduced a new error AccountAlreadyDeployed that reverts the tx if the account is already deployed and msg.value > 0.

Summary of Fixes:

  • Introduced the AccountAlreadyDeployed error.
  • Updated factory contracts to revert with AccountAlreadyDeployed when the account is already deployed and msg.value > 0.

@Aboudjem Aboudjem self-assigned this Jul 29, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Jul 29, 2024
edited
Loading

Changes to gas cost

Generated at commit: ba4e4a47250ca1e49a4960f340cd48198e4145fc, compared to commit: 482e6ccf77171257e69f8ee744294df233c221f2

🧾 Summary (5% most significant diffs)

Contract Method Avg (+/-) %
Bootstrap initNexusScoped +677 ❌ +0.83%
Nexus initializeAccount +677 ❌ +0.52%
Full diff report 👇
Contract Deployment Cost (+/-) Method Min (+/-) % Avg (+/-) % Median (+/-) % Max (+/-) % # Calls (+/-)
Bootstrap 2,429,946 (-22,794) initNexusScoped 62,207 (+677) +1.10% 82,042 (+677) +0.83% 82,107 (+677) +0.83% 82,107 (+677) +0.83% 309 (0)
Nexus 5,401,892 (0) initializeAccount 110,748 (+677) +0.62% 130,583 (+677) +0.52% 130,648 (+677) +0.52% 130,648 (+677) +0.52% 309 (0)
NexusAccountFactory 816,559 (+20,395) createAccount 212,343 (+660) +0.31% 229,964 (+660) +0.29% 232,483 (+660) +0.28% 232,483 (+660) +0.28% 8 (0)

@Aboudjem Aboudjem changed the title fix: handle inner call failure and msgvalue in factory contracts 🔒️ h02 - handle inner call failure and msgvalue in factory contracts Jul 29, 2024
livingrockrises
livingrockrises reviewed Jul 29, 2024
View reviewed changes
contracts/factory/NexusAccountFactory.sol
@@ -58,6 +58,8 @@ contract NexusAccountFactory is Stakeable, INexusFactory {
if (!alreadyDeployed) {
INexus(account).initializeAccount(initData);
emit AccountCreated(account, initData, salt);
} else if (msg.value > 0) {
revert AccountAlreadyDeployed(account);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we have negative test case for this how entrypoint behaves.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

by sending a userop

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

livingrockrises
livingrockrises reviewed Jul 29, 2024
View reviewed changes
Copy link
Contributor

@livingrockrises livingrockrises left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

reviewed

livingrockrises
livingrockrises reviewed Jul 29, 2024
View reviewed changes
Copy link
Contributor

@livingrockrises livingrockrises left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks good. we can review naming of events once again, and get more reviews!

@codecov Codecov
Copy link

codecov bot commented Jul 31, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 81.81818% with 2 lines in your changes missing coverage. Please review.

Project coverage is 71.17%. Comparing base (482e6cc) to head (a1c968d).

Files Patch % Lines
contracts/factory/NexusAccountFactory.sol 50.00% 1 Missing ⚠️
contracts/factory/RegistryFactory.sol 50.00% 1 Missing ⚠️
Additional details and impacted files 
@@                 Coverage Diff                  @@
##           fix/security-h01     #114      +/-   ##
====================================================
- Coverage             72.18%   71.17%   -1.02%     
====================================================
  Files                    13       13              
  Lines                   676      680       +4     
  Branches                124      151      +27     
====================================================
- Hits                    488      484       -4     
- Misses                  186      196      +10     
+ Partials                  2        0       -2
Files Coverage Δ
contracts/factory/BiconomyMetaFactory.sol 93.33% <100.00%> (ø)
contracts/factory/K1ValidatorFactory.sol 69.69% <100.00%> (+3.03%) ⬆️
contracts/utils/RegistryBootstrap.sol 100.00% <100.00%> (+8.69%) ⬆️
contracts/factory/NexusAccountFactory.sol 60.71% <50.00%> (-0.83%) ⬇️
contracts/factory/RegistryFactory.sol 61.81% <50.00%> (-0.45%) ⬇️

... and 4 files with indirect coverage changes

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 482e6cc...a1c968d. Read the comment docs.

@Aboudjem Aboudjem changed the title 🔒️ h02 - handle inner call failure and msgvalue in factory contracts 🔒 H-02 - Prevent Freezing of Funds in Factory Contracts Jul 31, 2024
Aboudjem and others added 2 commits August 2, 2024 20:56
@Aboudjem
Merge branch 'fix/security-h02' into fix/security-h03
32e12fb
@livingrockrises
Merge pull request #115 from bcnmy/fix/security-h03
a1c968d 
🔒 H-03 - Enforce Registry Calls Before Module Setup to Comply with EIP-7484
@github-actions GitHub Actions
Copy link

github-actions bot commented Aug 5, 2024

🤖 Slither Analysis Report 🔎

Slither report

# Slither report

THIS CHECKLIST IS NOT COMPLETE. Use --show-ignored-findings to show all the results.
Summary

constable-states

Impact: Optimization
🔴 Confidence: High

base/RegistryAdapter.sol#L12

factory/RegistryFactory.sol#L39

_This comment was automatically generated by the GitHub Actions workflow._

@openzeppelin-code OpenZeppelin Code
Copy link

🔒 H-02 - Prevent Freezing of Funds in Factory Contracts

Generated at commit: a1c968d24d21828b9b5a4f4f2c6fec6535a2d43d

🚨 Report Summary

Severity Level Results
Contracts Critical
High
Medium
Low
Note
Total		 0
1
0
6
24
31

For more details view the full report in OpenZeppelin Code Inspector

@livingrockrises livingrockrises merged commit c3df11c into fix/security-h01 Aug 5, 2024
9 of 11 checks passed
@livingrockrises livingrockrises deleted the fix/security-h02 branch August 5, 2024 15:39
@Aboudjem Aboudjem restored the fix/security-h02 branch August 7, 2024 22:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@livingrockrises livingrockrises livingrockrises approved these changes

@filmakarov filmakarov Awaiting requested review from filmakarov

@ankurdubey521 ankurdubey521 Awaiting requested review from ankurdubey521

@VGabriel45 VGabriel45 Awaiting requested review from VGabriel45

Assignees

@Aboudjem Aboudjem

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Aboudjem @livingrockrises