Update comment
akshay-ap committed Aug 26, 2024
1 parent 3fad065 commit 3dff65b
Showing 1 changed file with 7 additions and 6 deletions.
13 changes: 7 additions & 6 deletions modules/4337/contracts/Safe4337Module.sol
Expand Up @@ -216,12 +216,13 @@ contract Safe4337Module is IAccount, HandlerContext, CompatibilityFallbackHandle
* check the integrity of the signature encoding, as this is expected to be checked by the {Safe} implementation
* of {checkSignatures}.
* @dev Safe account has two types of signatures: EOA and Smart Contract signatures. While the EOA signature is
* fixed in size, the Smart Contract signature can be of arbitrary length. Safe encodes the Smart Contract
* signature length in the signature data. If appropriate length checks are not performed during the signature
* verification then a malicious bundler can pad additional bytes to the signatures data and make the account pay
* more gas than needed for user operation validation and reach the `verificationGasLimit`.
* `_checkSignaturesLength` function checks for the presence of any padded bytes to the `signature` data.
* However, there is an edge case that `_checkSignaturesLength` function cannot detect.
* fixed in size, the Smart Contract signature can be of arbitrary length. If appropriate length checks are not
* performed during the signature verification then a malicious bundler can pad additional bytes to the signatures
* data and make the account pay more gas than needed for user operation validation and reach the
* `verificationGasLimit`. `_checkSignaturesLength` function checks for the presence of any padded bytes to the
* `signature` data. However, there is an edge case that `_checkSignaturesLength` function cannot detect.
* Signatures data for Smart Contracts contains a dynamic part that is encoded as:
* {32-bytes signature length}{bytes signature data}
* A malicious bundler can manipulate the field(s) storing the signature length and pad additional bytes to the
* dynamic part of the signatures which will make `_checkSignaturesLength` to return true. In such cases, it is
* the responsibility of the Safe signature validator implementation, as an account owner, to check for additional
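Review bot: The reworded comment introduces the edge case ("However, there is an edge case that `_checkSignaturesLength` function cannot detect.") before it defines the encoding the edge case depends on, so the `{32-bytes signature length}{bytes signature data}` line reads as a non sequitur. Move the "Signatures data for Smart Contracts contains a dynamic part ..." sentence ahead of the "However" sentence. The following sentence also still says "field(s) storing the signature length" while the encoding line shows exactly one length field, so name the field or fields meant. Two wording points in the same lines: "signatures data" and "`signature` data" are both used for what looks like the same thing, and "`_checkSignaturesLength` function checks" needs a leading "The".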