🔒 L-01 & L-02 - Prevent Data Loss in Events and Allow Overriding of entryPoint() Function #123

Merged
merged 3 commits into from
Aug 9, 2024

Aboudjem
Contributor

L-01. The indexed Keyword in Events Causes Data Loss for Variables of type bytes

  • Issue: indexed keyword causes data loss for bytes variables in events.
  • Affected Events: AccountCreated in NexusAccountFactory.
  • Fix: Remove indexed keyword from bytes variables in events.

L-02. entryPoint() function cannot be overridden

  • Issue: entryPoint() function lacks the virtual keyword.
  • Affected Functions: entryPoint.
  • Fix: Add virtual keyword to entryPoint() function.

github-actions bot commented Jul 31, 2024

Changes to gas cost

Generated at commit: 9db9023dd8e88c220707cb1b7bcbadaee29f2af9, compared to commit: 78aa8682ea447be76d0f4c376c7988044da4a3e4

🧾 Summary (5% most significant diffs)

| Contract | Method | Avg (+/-) | % |
| --- | --- | --- | --- |
| NexusAccountFactory | createAccount | +5,167 ❌ | +2.25% |

Full diff report 👇

| Contract | Deployment Cost (+/-) | Method | Min (+/-) | % | Avg (+/-) | % | Median (+/-) | % | Max (+/-) | % | # Calls (+/-) |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| NexusAccountFactory | 813,115 (-3,444) | createAccount | 217,510 (+5,167) | +2.43% | 235,131 (+5,167) | +2.25% | 237,650 (+5,167) | +2.22% | 237,650 (+5,167) | +2.22% | 8 (0) |

🤖 Slither Analysis Report 🔎

# Slither report

THIS CHECKLIST IS NOT COMPLETE. Use --show-ignored-findings to show all the results.
Summary

constable-states

Impact: Optimization
🔴 Confidence: High

base/RegistryAdapter.sol#L12

factory/RegistryFactory.sol#L39

_This comment was automatically generated by the GitHub Actions workflow._

codecov bot commented Jul 31, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 71.73%. Comparing base (78aa868) to head (d742909).

Additional details and impacted files
@@                Coverage Diff                @@
##           fix/security-m06     #123   +/-   ##
=================================================
  Coverage             71.73%   71.73%           
=================================================
  Files                    13       13           
  Lines                   697      697           
  Branches                157      133   -24     
=================================================
  Hits                    500      500           
  Misses                  197      197           

| Files | Coverage Δ |
| --- | --- |
| contracts/base/BaseAccount.sol | 62.85% <100.00%> (ø) |

Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data

@@ -24,7 +24,7 @@ interface INexusFactory {
/// @param account The address of the newly created account.
/// @param initData Initialization data used for the new Smart Account.
/// @param salt Unique salt used during the creation of the Smart Account.
event AccountCreated(address indexed account, bytes indexed initData, bytes32 indexed salt);
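
Review bot: the `@param initData` line in this hunk says only that the value is "used for the new Smart Account" and nothing about where it lands in the log, which is what the `bytes indexed initData` parameter on the event line decides. Suggest extending the NatSpec to state that `initData` is carried in full in the log data and that only `account` and `salt` are filterable topics. Changing which parameters are `indexed` also changes the log's topic count, so anything decoding `AccountCreated` with the previous ABI needs the regenerated one; a line about that in the PR description or changelog would help downstream indexers.
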
Contributor

why did we remove indexed here?

Contributor Author

Removed indexed because it hashes bytes data, making it unretrievable from logs. Without indexed, the actual initData can be emitted and accessed as intended.

Contributor Author

check L-01 for more info
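
The behaviour described in L-01 and in the review reply above, as an added Foundry test that is not part of this PR or of the Nexus code base: a hypothetical `EventShapes` contract emits the same arguments through an event with `bytes indexed initData` and through one without, and the test inspects the recorded topics and data. It assumes forge-std is installed; the contract, event and test names and the sample values are constructed for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import { Test, Vm } from "forge-std/Test.sol";

// Hypothetical emitter (not the Nexus factory): same arguments, two event shapes.
contract EventShapes {
    event CreatedIndexed(address indexed account, bytes indexed initData, bytes32 indexed salt);
    event CreatedPlain(address indexed account, bytes initData, bytes32 indexed salt);

    function emitBoth(address account, bytes calldata initData, bytes32 salt) external {
        emit CreatedIndexed(account, initData, salt);
        emit CreatedPlain(account, initData, salt);
    }
}

contract EventShapesTest is Test {
    function test_indexedBytesIsOnlyAHash() public {
        EventShapes shapes = new EventShapes();
        // Constructed sample values.
        bytes memory initData = "constructed sample init data";
        bytes32 salt = keccak256("constructed salt");

        vm.recordLogs();
        shapes.emitBoth(address(0xA11CE), initData, salt);
        Vm.Log[] memory logs = vm.getRecordedLogs();
        assertEq(logs.length, 2);

        // Indexed bytes: topic0 + 3 indexed params, nothing in the data section.
        // The initData topic holds keccak256(initData), so the bytes themselves
        // cannot be recovered from this log.
        assertEq(logs[0].topics.length, 4);
        assertEq(logs[0].data.length, 0);
        assertEq(logs[0].topics[2], keccak256(initData));

        // Unindexed bytes: one topic fewer, and the data section ABI-decodes
        // back to the exact initData that was passed in.
        assertEq(logs[1].topics.length, 3);
        assertEq(abi.decode(logs[1].data, (bytes)), initData);

        // account and salt stay filterable topics in both shapes.
        assertEq(logs[1].topics[1], bytes32(uint256(uint160(address(0xA11CE)))));
        assertEq(logs[1].topics[2], salt);
    }
}
```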

@livingrockrises livingrockrises merged commit 6e80683 into fix/security-m06 Aug 9, 2024
8 of 11 checks passed
@livingrockrises livingrockrises deleted the fix/security-l01-l02 branch August 9, 2024 09:44