Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix/finding #18 Prevent Memory Overwrite in withdrawDepositTo Function #125

Merged
merged 23 commits into from
Aug 19, 2024
Merged

Fix/finding #18 Prevent Memory Overwrite in withdrawDepositTo Function #125

Changes from 1 commit
Commits
Show all changes
23 commits
Select commit Hold shift + click to select a range
748efe1
refactor: fix withdrawDepositTo function in BaseAccount.sol
Aboudjem Aug 1, 2024
75e8fb5
refactor: Enable module being enabled to be a validator in Nexus.sol
Aboudjem Aug 1, 2024
f23b948
lint fix
Aboudjem Aug 1, 2024
00e4a43
refactor: Update ModuleManager to validate module type before install…
Aboudjem Aug 1, 2024
4d0c119
refactor: Add tests for enable mode and negative test
Aboudjem Aug 1, 2024
03e8e92
refactor: Improve error handling in ExecutionHelper contract
Aboudjem Aug 1, 2024
6c350ea
refactor: Add TryDelegateCallUnsuccessful event to EventsAndErrors.sol
Aboudjem Aug 1, 2024
7a63137
refactor: Add TryExecuteUnsuccessful and TryDelegateCallUnsuccessful …
Aboudjem Aug 1, 2024
9c2537d
refactor: update tree test
Aboudjem Aug 1, 2024
1c0fd0b
chore: fix script location (#130)
joepegler Aug 8, 2024
d12b063
feat: replace index with calldata in event
GabiDev45 Aug 12, 2024
96d9261
refactor: Improve withdrawDepositTo function in BaseAccount.sol
Aboudjem Aug 12, 2024
e1cc884
refactor: Merge branch 'feat/events_replace_index_with_calldata' of h…
GabiDev45 Aug 13, 2024
1e83820
refactor: emit events with calldata fix
GabiDev45 Aug 13, 2024
4c05522
refactor: added missing calldata in events
GabiDev45 Aug 13, 2024
b0f009a
Merge pull request #127 from bcnmy/fix/finding-21-emit-events
livingrockrises Aug 13, 2024
534ba42
Merge branch 'fix/finding-2-salt-determinism' into fix/finding-18-wit…
Aboudjem Aug 13, 2024
7a200ee
fix based on fiding 18 - withdrawDepositTo function in BaseAccount.sol
Aboudjem Aug 14, 2024
ec1d3b0
refactor: Restore overwritten memory pointer in BaseAccount.sol
Aboudjem Aug 16, 2024
795f731
Merge branch 'remediations/cantina-spearbit' into fix/finding-18-with…
Aboudjem Aug 18, 2024
e036430
chore: Update emit statement in TestAccountExecution_TryExecuteSingle…
Aboudjem Aug 18, 2024
79956d4
fix enablemode tests
Aboudjem Aug 18, 2024
902c284
chore: Update TryDelegateCallUnsuccessful event parameters in EventsA…
Aboudjem Aug 18, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
32 changes: 16 additions & 16 deletions contracts/base/BaseAccount.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -74,24 +74,24 @@
} // For gas estimation.
}
}

/// @notice Withdraws ETH from the EntryPoint to a specified address.
/// @param to The address to receive the withdrawn funds.
/// @param amount The amount to withdraw.
function withdrawDepositTo(address to, uint256 amount) external payable virtual onlyEntryPointOrSelf {
address entryPointAddress = _ENTRYPOINT;
/// @solidity memory-safe-assembly
assembly {
mstore(0x14, to) // Store the `to` argument.
mstore(0x34, amount) // Store the `amount` argument.
mstore(0x00, 0x205c2878000000000000000000000000) // `withdrawTo(address,uint256)`.
if iszero(call(gas(), entryPointAddress, 0, 0x10, 0x44, codesize(), 0x00)) {
returndatacopy(mload(0x40), 0x00, returndatasize())
revert(mload(0x40), returndatasize())
}
mstore(0x34, 0) // Restore the part of the free memory pointer that was overwritten.
livingrockrises marked this conversation as resolved.
Show resolved Hide resolved
/// @notice Withdraws ETH from the EntryPoint to a specified address.
/// @param to The address to receive the withdrawn funds.
/// @param amount The amount to withdraw.
function withdrawDepositTo(address to, uint256 amount) external payable virtual onlyEntryPointOrSelf {
address entryPointAddress = _ENTRYPOINT;
/// @solidity memory-safe-assembly
assembly {
let freeMemPtr := mload(0x40) // Store the free memory pointer.
Aboudjem marked this conversation as resolved.
Show resolved Hide resolved
mstore(0x14, to) // Store the `to` argument.
mstore(0x34, amount) // Store the `amount` argument.
mstore(0x00, 0x205c2878000000000000000000000000) // `withdrawTo(address,uint256)`.

Check warning on line 87 in contracts/base/BaseAccount.sol

View check run for this annotation

Codecov / codecov/patch

contracts/base/BaseAccount.sol#L84-L87 

Added lines #L84 - L87 were not covered by tests
if iszero(call(gas(), entryPointAddress, 0, 0x10, 0x44, codesize(), 0x00)) {
returndatacopy(freeMemPtr, 0x00, returndatasize())
revert(freeMemPtr, returndatasize())

Check warning on line 90 in contracts/base/BaseAccount.sol

View check run for this annotation

Codecov / codecov/patch

contracts/base/BaseAccount.sol#L89-L90 

Added lines #L89 - L90 were not covered by tests
}
}
}


/// @notice Gets the nonce for a particular key.
/// @param key The nonce key.
Expand Down
Loading