remediations #4

zeroknots · 2024-06-17T07:02:12Z

Implementing remediations for Ackee's Safe7579 security audit, as well as other security improvements.

requireing a self call to initializeAccount allows for ERC2771 access control check.

foo wip

zeroknots

Note: H1

I think adding this access control should make remediate the frontrunning / race condition problem entirely.

98f2eb9

I still think having a launchpad like single transaction install process for existing safe accounts is a good idea, but delegatecall to multisend should be sufficient for that?!

fixing access control for launchpadValidators() as well wip

zeroknots · 2024-06-18T05:40:10Z

src/Safe7579Launchpad.sol

+        // ISafe7579(initData.safe7579).launchpadValidators(initData.validators);
+        // but we need to append msg.sender (entrypoint) to ERC2771 style access control, to protect
+        // the launchpadValidator function
+        (bool success,) = address(initData.safe7579).call(


adding ERC2771 style appending of msg.sender to calldata. this should offer sufficient frontrun protection for the launchpadValidators function

zeroknots · 2024-06-18T05:40:24Z

src/core/Initializer.sol

+    function launchpadValidators(ModuleInit[] calldata validators)
+        external
+        override
+        onlyEntryPointOrSelf


added access control here

adding test case to remove multi type module

…pad via delegatecall

fix

Feature/safe owner cleanup

Feature/safe owner launchpad

WIP

Fix: final remediations

fix: various bugs/missing features

zeroknots added 17 commits June 17, 2024 10:09

fix: H1

98f2eb9

requireing a self call to initializeAccount allows for ERC2771 access control check.

fix: H2. using _msgSender for registry check

0e34dad

fix: M1

2406309

fix: M3

77b9157

fix: M4

fae3c77

fix: M5

fc5404b

fix: L1

7a53178

fix: L2

0ca432c

fix: L4

18e86b3

fix: W4

0c612da

fix: W5

f7eb247

wip

487e8c9

fix: I2

535e8f2

fix: I3

f76e42f

fix: internal finding

817ef13

foo wip

fix: use operation enum for executions

79c0094

fix: slight gas improvement

63af900

zeroknots commented Jun 17, 2024

View reviewed changes

zeroknots added 2 commits June 18, 2024 08:14

fix: H1

be9e05a

fixing access control for launchpadValidators() as well wip

chore: improve readability

bab5361

zeroknots force-pushed the feature/remediation branch from 6767458 to bab5361 Compare June 18, 2024 01:14

zeroknots added 4 commits June 18, 2024 10:08

fix: H1 with EP in 2771

a5e21e6

fix: add multitype uninstall function

73a9924

fix: hook uninstall dos

f1fdf78

fix: W8

6200ed4

zeroknots commented Jun 18, 2024

View reviewed changes

zeroknots requested a review from kopy-kat June 18, 2024 05:41

zeroknots and others added 2 commits June 18, 2024 12:50

chore: add test case

d36bfed

adding test case to remove multi type module

Update src/core/ModuleManager.sol

4918df8

zeroknots and others added 28 commits June 27, 2024 13:15

feat: adding launchpad function to allow existing safes to use launch…

e7151ea

…pad via delegatecall

feat: prototype implementation to allow safe checknsignature signers

4f6daa3

fix

fixed bug in validation

349ff72

wip

128bf6a

WIPip

3cac556

feat: all tests passing

67cd00c

feature: clean up safe owner verification in launchpad

7a66b3b

feature: add existing safe test

5092f78

feat: add support viewer contract

8df99dd

chore: add deployments

80a6c7a

chore: update supportviewer

b4ced92

Merge pull request #8 from rhinestonewtf/feature/safe-owner-cleanup

ec0ebdf

Feature/safe owner cleanup

Merge pull request #9 from rhinestonewtf/feature/safe-owner-launchpad

ca2d1a1

Feature/safe owner launchpad

fix: tests

8a1bde5

fix: abstract contracts

4573126

fix: linting

3dc8fdb

chore: internal review

ca4ce07

WIP

rm: broadcast

dd2b4c5

feat: add safe as validator module addr

3c57ecd

chore: update lock

45ccd05

fix: relative imports

d961421

fix: typo

9bf62e7

fix: remove unused using for

065da36

fix: update checknsignatures to latest

1d25d2d

feat: add audit report

1a08bda

Merge pull request #11 from rhinestonewtf/fix/final-remediations

bedaf2f

Fix: final remediations

Merge pull request #7 from rhinestonewtf/feature/4337-compliance

ff8df1d

fix: various bugs/missing features

fix: ignore userOp builder lint

e8cbed6

kopy-kat merged commit e17b03c into main Jul 8, 2024
3 checks passed

kopy-kat deleted the feature/remediation branch July 8, 2024 20:40

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

remediations #4

remediations #4

zeroknots commented Jun 17, 2024 •

edited

Loading

zeroknots left a comment •

edited

Loading

zeroknots Jun 18, 2024

zeroknots Jun 18, 2024 •

edited

Loading

remediations #4

remediations #4

Conversation

zeroknots commented Jun 17, 2024 • edited Loading

zeroknots left a comment • edited Loading

Choose a reason for hiding this comment

zeroknots Jun 18, 2024

Choose a reason for hiding this comment

zeroknots Jun 18, 2024 • edited Loading

Choose a reason for hiding this comment

zeroknots commented Jun 17, 2024 •

edited

Loading

zeroknots left a comment •

edited

Loading

zeroknots Jun 18, 2024 •

edited

Loading