-
Notifications
You must be signed in to change notification settings - Fork 38
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: [QS-ALC-2] add non zero address check for paymaster in modules #279
Conversation
Summary by OctaneNew ContractsNo new contracts were added in this PR. Updated Contracts
🔗 Commit Hash: 49bdbd8 |
Contract sizes: | Contract | Runtime Size (B) | Initcode Size (B) | Runtime Margin (B) | Initcode Margin (B) |
|-------------------------------|------------------|-------------------|--------------------|---------------------|
| AccountFactory | 4,814 | 5,239 | 19,762 | 43,913 |
| AllowlistModule | 9,903 | 9,930 | 14,673 | 39,222 |
| ExecutionInstallDelegate | 5,694 | 5,740 | 18,882 | 43,412 |
| ModularAccount | 21,971 | 28,654 | 2,605 | 20,498 |
| NativeFunctionDelegate | 434 | 461 | 24,142 | 48,691 |
-| NativeTokenLimitModule | 4,258 | 4,285 | 20,318 | 44,867 |
-| PaymasterGuardModule | 1,797 | 1,824 | 22,779 | 47,328 |
+| NativeTokenLimitModule | 4,449 | 4,476 | 20,127 | 44,676 |
+| PaymasterGuardModule | 1,845 | 1,872 | 22,731 | 47,280 |
| SemiModularAccountBytecode | 23,273 | 29,956 | 1,303 | 19,196 |
| SemiModularAccountStorageOnly | 23,767 | 30,450 | 809 | 18,702 |
| SingleSignerValidationModule | 3,646 | 3,673 | 20,930 | 45,479 |
| TimeRangeModule | 2,000 | 2,027 | 22,576 | 47,125 |
| WebAuthnValidationModule | 7,854 | 7,881 | 16,722 | 41,271 | Code coverage:
|
Overview
Detailed findings
|
Overview
Detailed findings
|
uint256 cgl = UserOperationLib.unpackCallGasLimit(userOp); | ||
uint256 pvgl; | ||
uint256 ppogl; | ||
if (userOp.paymasterAndData.length > 0) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
really small nit: since we're conditionally calling _decreaseLimit with the userOp.paymasterAndData.length condition check already, maybe we can refactor to:
- pass in a bool instead
- perform unpackPaymasterStaticFields in the top function and pass in
pvgl
+ppogl
in the nonzero length case, or pass in0
in the zero case
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thanks for creating this, it helped me better understand the issue. have 1 nit/optional suggestion but otherwise fix looks good
Putting it here for visibility too: |
Address ALC 2 where 0 paymaster address was not checked in modules.
preUserOpValidationHook
.