-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
EIP-712 transactions via custom accounts do not comply with EIP-3607 and could therefore fail #322
Comments
bytes032 marked the issue as primary issue |
bytes032 marked the issue as sufficient quality report |
Invalid. Due to the nature of native AA, we ignore EIP3607. |
miladpiri (sponsor) disputed |
@miladpiri wdyt about preventing a EOA being able to take ownership of a SC? |
Regarding the report:
So, this finding is not an issue or bug. Regarding your question @GalloDaSballo , I could not understand it correclty. |
EIP-3607 was added to prevent the scenario of being able to find the PK of a contract that contains value, without it any PK that maps out to an address could start a tx as an EOA and steal the funds Basically the check prevents being able to find a PK that maps out to a deployed Smart Contract From the EIP
Meaning that this could be weaponized in the future Is EIP-3607 already enforced on zkSync? Do you think it should / should not? |
We already prevent the attack mentioned by:
|
GalloDaSballo changed the severity to QA (Quality Assurance) |
Downgrading to QA and invite the Warden to send a follow up in PJQA, I believe that zkSync has addressed the underlying issue as shown above by the Sponsor |
Hi @GalloDaSballo,
All in all, zkSync Era strives for equivalence with the EVM where possible to avoid compatibility issues for protocols running on multiple chains including zkSync Era. |
Thanks @MarioPoneder I do not see any issue. Moreover, while compiling a contract that is using |
I believe that this finding was a good addition to the contest and a worthwhile discussion This ultimately highlights a gotcha due to native account abstraction Overall the finding points at a risk that integrators can have For this reason, I believe that QA is most appropriate for this contest The responsibility of defending their code will fall to the integrators, for those contracts this finding may cause further impacts, however that would require said contracts to be in-scope which in this case they are not For this reason, after confirming with the Sponsor that EOAs can start txs, but also agreeing with the Warden that tx.origin checks can create gotchas, am going to maintain QA severity |
Lines of code
https://github.com/code-423n4/2023-10-zksync/blob/1fb4649b612fac7b4ee613df6f6b7d921ddd6b0d/code/system-contracts/bootloader/bootloader.yul#L1321-L1328
Vulnerability details
Impact
The EIP-3607: Reject transactions from senders with deployed code requires transactions where the
from
address (tx.origin
in Solidity) is not an EOA to be rejected.This EIP was alread merged into the Ethereum yellow paper and the Geth execution client.
However, in case of EIP-712 transactions on L2 using custom account abstraction, the
from
address is not an EOA due to having a codehash, therefore the bootloader uses its own address astx.origin
, see ZKSYNC_NEAR_CALL_executeL2Tx(...):The bug is, that the bootloader address also points to a non-zero & non-empty codehash, see also AccountCodeStorage.getRawCodeHash(...) & AccountCodeStorage.getCodeHash(...), therefore the bootloader is not recognized as an EOA which defies the purpose of the above
switch-case
block.As a consequence, EIP-712 transactions using custom account abstraction do not comply with EIP-3607 and therefore are in danger to fail:
Side note: Strictly, account validation and (paymaster) gas refund of any transaction type are also not compliant with EIP-3607, due to
tx.origin
being the bootloader address, but those are special cases and not responsible for the execution of the actual transaction.The main issue remains that Legacy & EIP-1559 L2 transactions comply with EIP-3607, but EIP-712 transactions using custom account abstraction do not.
Proof of Concept
The following PoC tests the EIP-3607 conformity of multiple transaction types and shows that the
tx.origin
, in case of EIP-712 transactions using custom account abstraction, indeed points to non-zero & non-empty codehash leading to nonconformity.First, add the custom account contract
./code/system-contracts/contracts/test-contracts/CustomAccount.sol
from the secret gist (too long to include in report). It is an 1:1 copy of theDefaultAccount
, just with custom signature validation and it registers itself as account on construction.Second, add the checker test contract
./code/system-contracts/contracts/test-contracts/EIP3607Checker.sol
:Next, apply the diff to the existing
DefaultAccount
test suite and runbash quick-setup.sh
from./code/system-contracts/scripts
to execute the PoC test case:Tools Used
Manual review
Recommended Mitigation Steps
As suggested by EIP-2938: Account Abstraction, use
0xffffffffffffffffffffffffffffffffffffffff
instead of the bootloader's address astx.origin
on EIP-712 transactions to be compliant with EIP-3607 and consistent with the L1 EVM.Assessed type
Context
The text was updated successfully, but these errors were encountered: