Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

🔒 M-03 - Add Authorization Control to Fallback Function #120

Closed
wants to merge 7 commits into from
Closed

🔒 M-03 - Add Authorization Control to Fallback Function #120

wants to merge 7 commits into from

Conversation

Aboudjem
Copy link
Contributor

M-03. Anyone can call the fallbackFunction because of missing authorization control

  • Issue: Lack of authorization control in the fallback function.
  • Affected Functions: fallback function in ModuleManager.
  • Fix: Implement proper authorization control to ensure only authorized entities can invoke it.

@Aboudjem Aboudjem self-assigned this Jul 31, 2024
@github-actions GitHub Actions
Copy link

🤖 Slither Analysis Report 🔎

Slither report

# Slither report

THIS CHECKLIST IS NOT COMPLETE. Use --show-ignored-findings to show all the results.
Summary

constable-states

Impact: Optimization
🔴 Confidence: High

base/RegistryAdapter.sol#L12

factory/RegistryFactory.sol#L39

_This comment was automatically generated by the GitHub Actions workflow._

@github-actions GitHub Actions
Copy link

Changes to gas cost

Generated at commit: 07c012a965078a3e22922aaf032d37609307c694, compared to commit: 5a75c21571a1cca8431b5c7b1cd1737e8f0ca367

🧾 Summary (5% most significant diffs)

Contract Method Avg (+/-) %
Full diff report 👇
Contract Deployment Cost (+/-) Method Min (+/-) % Avg (+/-) % Median (+/-) % Max (+/-) % # Calls (+/-)
Nexus 5,432,856 (+30,964)
Bootstrap 2,460,986 (+31,040)

@codecov Codecov
Copy link

codecov bot commented Jul 31, 2024

Codecov Report

Attention: Patch coverage is 74.41860% with 11 lines in your changes missing coverage. Please review.

Please upload report for BASE (fix/security-m01@5a75c21). Learn more about missing BASE report.

Files Patch % Lines
contracts/base/ModuleManager.sol 75.00% 5 Missing ⚠️
contracts/Nexus.sol 76.47% 4 Missing ⚠️
contracts/base/BaseAccount.sol 0.00% 2 Missing ⚠️
Additional details and impacted files 
@@                 Coverage Diff                 @@
##             fix/security-m01     #120   +/-   ##
===================================================
  Coverage                    ?   71.73%           
===================================================
  Files                       ?       13           
  Lines                       ?      697           
  Branches                    ?      133           
===================================================
  Hits                        ?      500           
  Misses                      ?      197           
  Partials                    ?        0
Files Coverage Δ
contracts/base/Storage.sol 66.66% <ø> (ø)
contracts/modules/validators/K1Validator.sol 83.33% <100.00%> (ø)
contracts/base/BaseAccount.sol 62.85% <0.00%> (ø)
contracts/Nexus.sol 62.64% <76.47%> (ø)
contracts/base/ModuleManager.sol 85.97% <75.00%> (ø)

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 5a75c21...3f48ffb. Read the comment docs.

@Aboudjem Aboudjem changed the title Fix/security m03 🔒 M-03 - Add Authorization Control to Fallback Function Jul 31, 2024
livingrockrises
livingrockrises reviewed Aug 10, 2024
View reviewed changes
contracts/Nexus.sol
@@ -137,15 +138,22 @@ contract Nexus is INexus, BaseAccount, ExecutionHelper, ModuleManager, UUPSUpgra
function executeFromExecutor(
ExecutionMode mode,
bytes calldata executionCalldata
) external payable onlyExecutorModule withHook withRegistry(msg.sender, MODULE_TYPE_EXECUTOR) returns (bytes[] memory returnData) {
)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we not touch linting as far as this PR goes?

livingrockrises
livingrockrises reviewed Aug 10, 2024
View reviewed changes
contracts/base/BaseAccount.sol
@@ -23,14 +25,10 @@ import { IBaseAccount } from "../interfaces/base/IBaseAccount.sol";
/// @author @filmakarov | Biconomy | [email protected]
/// @author @zeroknots | Rhinestone.wtf | zeroknots.eth
/// Special thanks to the Solady team for foundational contributions: https://github.com/Vectorized/solady
contract BaseAccount is IBaseAccount {
contract BaseAccount is Storage, IBaseAccount {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

??

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I moved the _ENTRYPOINT to storage, as it needs to be used by both BaseAccount and ModuleManager for the new onlyAuthorized

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why would you do that?
it's not a storage
it's immutable : address internal immutable _ENTRYPOINT;

what's new onlyAuthorized for?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

onlyAuthorized is checking msg.sender is EP, self or Executor while other modifier are exclusively checking EP EP+self or Executor only

if the naming is a problem we can change it

@livingrockrises
Copy link
Contributor

@Aboudjem

what is done specific to this?

Fix: Implement proper authorization control to ensure only authorized entities can invoke it

I don't see changes related to it. we also discussed fallback handler should implement it's own auth control and we are gonna make changes on the EIP PR. cc @filmakarov

can you close this PR and redo it if only there are additional test cases. bunch of linting makes it very hard to review..

@VGabriel45
Copy link
Collaborator

Should this be a remediation for this https://codehawks.cyfrin.io/c/2024-07-biconomy/s/179 ?

@livingrockrises
Copy link
Contributor

Should this be a remediation for this https://codehawks.cyfrin.io/c/2024-07-biconomy/s/179 ?

No, anyone should be able to invoke fallback handlers.
the actual access control (if required) should be implemented in the handlers themselves..

@Aboudjem
Copy link
Contributor Author

Aboudjem commented Aug 12, 2024
edited
Loading

@Aboudjem

what is done specific to this?

Fix: Implement proper authorization control to ensure only authorized entities can invoke it

I don't see changes related to it. we also discussed fallback handler should implement it's own auth control and we are gonna make changes on the EIP PR. cc @filmakarov

can you close this PR and redo it if only there are additional test cases. bunch of linting makes it very hard to review..

Implement proper authorization control in the fallback function to ensure that only authorized entities can invoke it. This can be achieved by adding a modifier to check the sender's authorization before routing the call to the fallback handler. The existing onlyEntryPointOrSelf modifier could be used or an new modifier also including executorModuls might be appropriate.

At this point, the entrypoint and the onlyEntrypoint or onlySelfOrEntrypoint are not visible, any suggestion?

Yes my husky script messed a bit with the linter

@livingrockrises
Copy link
Contributor

@Aboudjem
what is done specific to this?

Fix: Implement proper authorization control to ensure only authorized entities can invoke it

I don't see changes related to it. we also discussed fallback handler should implement it's own auth control and we are gonna make changes on the EIP PR. cc @filmakarov
can you close this PR and redo it if only there are additional test cases. bunch of linting makes it very hard to review..

Implement proper authorization control in the fallback function to ensure that only authorized entities can invoke it. This can be achieved by adding a modifier to check the sender's authorization before routing the call to the fallback handler. The existing onlyEntryPointOrSelf modifier could be used or an new modifier also including executorModuls might be appropriate.

At this point, the entrypoint and the onlyEntrypoint or onlySelfOrEntrypoint are not visible, any suggestion?

Yes my husky script messed a bit with the linter

dont think any of this change makes sense.

@Aboudjem
Copy link
Contributor Author

@Aboudjem
what is done specific to this?

Fix: Implement proper authorization control to ensure only authorized entities can invoke it

I don't see changes related to it. we also discussed fallback handler should implement it's own auth control and we are gonna make changes on the EIP PR. cc @filmakarov
can you close this PR and redo it if only there are additional test cases. bunch of linting makes it very hard to review..

Implement proper authorization control in the fallback function to ensure that only authorized entities can invoke it. This can be achieved by adding a modifier to check the sender's authorization before routing the call to the fallback handler. The existing onlyEntryPointOrSelf modifier could be used or an new modifier also including executorModuls might be appropriate.
At this point, the entrypoint and the onlyEntrypoint or onlySelfOrEntrypoint are not visible, any suggestion?
Yes my husky script messed a bit with the linter

dont think any of this change makes sense.

then close the PR

@Aboudjem Aboudjem closed this Aug 13, 2024
@livingrockrises livingrockrises deleted the fix/security-m03 branch October 14, 2024 10:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@livingrockrises livingrockrises livingrockrises left review comments

@filmakarov filmakarov Awaiting requested review from filmakarov

@ankurdubey521 ankurdubey521 Awaiting requested review from ankurdubey521

@VGabriel45 VGabriel45 Awaiting requested review from VGabriel45

Assignees

@Aboudjem Aboudjem

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Aboudjem @livingrockrises @VGabriel45