Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Pre issued 1271 sigs handling #238

Merged
merged 3 commits into from
Feb 6, 2025
Merged

Pre issued 1271 sigs handling #238

merged 3 commits into from
Feb 6, 2025

Conversation

filmakarov
Copy link
Collaborator

@filmakarov filmakarov commented Feb 4, 2025
edited
Loading

From EP 0.8 pre-release notes:

Compatible ERC-1271 signature
EIP-7702 accounts could have off-chain signatures created prior to adding an account code. To keep those signature working, account SHOULD make sure that ERC-1271 signature are compatible
Again, see the reference implementation

However, I found it potentially unsafe to just allow such signatures.

// 1. This 7702 account being an eoa as well owns some other Smart Account (Smart Account B)
// 2. It signs some unsafe hash: the one that doesn't have Smart Account B address hashed in
// 3. In this case, if we just allow signatures by address(this), this above sig
//    over unsafe hash could be replayed here

So instead of allowing such sigs, decided to revert but with a specific custom error

@github-actions GitHub Actions
Copy link

github-actions bot commented Feb 4, 2025

🤖 Slither Analysis Report 🔎

Slither report

# Slither report

THIS CHECKLIST IS NOT COMPLETE. Use --show-ignored-findings to show all the results.
Summary
🟡 - locked-ether (1 results) (Medium)

locked-ether

🟡 Impact: Medium
🔴 Confidence: High

utils/NexusBootstrap.sol#L33-L185

constable-states

Impact: Optimization
🔴 Confidence: High

base/RegistryAdapter.sol#L10

factory/RegistryFactory.sol#L38

_This comment was automatically generated by the GitHub Actions workflow._

@openzeppelin-code OpenZeppelin Code
Copy link

Pre issued 1271 sigs handling

Generated at commit: 46df04657d7b96cd76285406125dcc888db7c57a

🚨 Report Summary

Severity Level Results
Contracts Critical
High
Medium
Low
Note
Total		 1
1
0
6
29
37

For more details view the full report in OpenZeppelin Code Inspector

@filmakarov filmakarov changed the base branch from dev to release/eip-7702-sepolia-pre-release February 6, 2025 15:01
@filmakarov filmakarov mentioned this pull request Feb 6, 2025
Draft
2 tasks
@filmakarov filmakarov marked this pull request as ready for review February 6, 2025 15:13
@filmakarov filmakarov merged commit b8d8205 into release/eip-7702-sepolia-pre-release Feb 6, 2025
5 of 8 checks passed
@filmakarov filmakarov deleted the feat/pre-issued-1271-sigs-handling branch February 6, 2025 15:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@filmakarov