Account Abstraction Wallet Security Audit Checklist: A Deep Dive into EIP4337
By: Kong, SlowMist Security Team
Introduction:
This article provides a comprehensive security audit checklist for account abstraction (AA) wallets implemented on the EIP4337 standard. It assumes familiarity with the EIP4337 and EIP7562 standards and focuses on practical audit guidelines. We first walk through the EIP4337 architecture and transaction execution flow, since that is where the potential vulnerabilities arise.
EIP4337 Architecture and Transaction Execution Flow:
In EIP4337, a user initiates a transaction by signing a UserOperation data structure (UserOp) and submitting it via RPC to an alternative mempool (Alt Mempool), which is separate from the Ethereum mainnet mempool. Bundlers collect UserOps from the Alt Mempool and execute them. Before execution, Bundlers simulate each UserOp locally; UserOps that fail simulation are discarded. Every UserOp is executed through the EntryPoint contract, which calls the user's AA wallet after verification. The user must pay the Bundler a fee for on-chain execution, or designate a Paymaster to pay the fee on their behalf.
Detailed Execution Process:
The diagram below illustrates in detail how the Bundler calls the user's wallet through the EntryPoint. Auditors should thoroughly understand this flow.
[Diagram: detailed execution flow of the Bundler calling the user's wallet through the EntryPoint]
Audit Checklist:
The SlowMist Security Team recommends the following checklist for auditing every EIP4337 wallet:
1. Compatibility with All EVM-Compatible Chains:
Most AA wallets are deployed on multiple chains, including Ethereum mainnet. The Shanghai upgrade introduced the PUSH0 opcode, which Solidity 0.8.20 and later emit by default. Bytecode that contains PUSH0 therefore will not run on chains that have not yet adopted the Shanghai upgrade. Auditors should verify the Solidity version used for compilation and check whether the compiled bytecode contains the PUSH0 opcode. For multi-chain deployment, consider using a Solidity compiler version below 0.8.20 or targeting the paris EVM version explicitly:
solc = 0.8.19
evm_version = paris
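The PUSH0 check from this item, as an added example that is not part of the SlowMist article: a small scanner that walks EVM bytecode instruction by instruction, skipping the immediate data of PUSH1..PUSH32 so that a 0x5f byte inside push data is not mistaken for PUSH0, and that heuristically drops the CBOR metadata trailer solc appends, which is data rather than code. The sample bytecodes are constructed for illustration and are not from any real contract.

```python
# Added example (not from the SlowMist article): scan EVM bytecode for the
# PUSH0 opcode (0x5f, Shanghai upgrade), skipping PUSH1..PUSH32 immediates so
# a 0x5f byte inside push data is not mistaken for an instruction.

PUSH0, PUSH1, PUSH32 = 0x5F, 0x60, 0x7F

def strip_solc_metadata(code: bytes) -> bytes:
    """Drop the CBOR metadata trailer solc appends by default: the last two
    bytes hold the big-endian length of the blob. Heuristic: only strip when
    the declared length fits inside the bytecode."""
    if len(code) < 2:
        return code
    n = int.from_bytes(code[-2:], "big")
    return code[: -(n + 2)] if n + 2 <= len(code) else code

def disassemble(code: bytes):
    """Yield (offset, opcode) per instruction, skipping push immediates."""
    pc = 0
    while pc < len(code):
        op = code[pc]
        yield pc, op
        if PUSH1 <= op <= PUSH32:
            pc += op - PUSH1 + 1  # skip the 1..32 immediate data bytes
        pc += 1

def push0_offsets(code: bytes) -> list:
    """Offsets of every PUSH0 instruction in already-stripped bytecode."""
    return [pc for pc, op in disassemble(code) if op == PUSH0]

def uses_push0(hex_code: str, strip_metadata: bool = True) -> bool:
    """True if the bytecode (hex, 0x-prefixed or not) executes PUSH0."""
    code = bytes.fromhex(hex_code.removeprefix("0x"))
    if strip_metadata:
        code = strip_solc_metadata(code)
    return bool(push0_offsets(code))

# Constructed samples, not from any real contract:
# PUSH1 0x5f, PUSH0, ADD, STOP: the immediate 0x5f is data, offset 2 is PUSH0
SAMPLE_WITH_PUSH0 = "0x605f5f0100"
# PUSH1 0x5f, PUSH1 0x01, ADD, STOP: the only 0x5f byte is push data
SAMPLE_WITHOUT_PUSH0 = "0x605f60010100"
# PUSH1 1, PUSH1 1, ADD, STOP + fake 3-byte CBOR trailer "5f5f5f", length 0003
SAMPLE_WITH_TRAILER = "0x600160010100" + "5f5f5f0003"

if __name__ == "__main__":
    import sys
    code = open(sys.argv[1]).read().strip() if len(sys.argv) > 1 else SAMPLE_WITH_PUSH0
    print("PUSH0 present:", uses_push0(code))
```

Run it against the hex of the deployed (runtime) bytecode; a True result means the contract will revert with an invalid opcode on any chain that has not adopted Shanghai.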
2. Compliance with EIP4337 Standard Specifications:
Verify that the implemented interfaces and return values adhere to the EIP4337 standard specifications. This includes:
- EntryPoint Interface: Ensure the EntryPoint contract correctly implements the required functions and adheres to the defined behavior.
- UserOperation Struct: Verify that the UserOperation struct conforms to the standard, including fields such as nonce, sender, initCode, and callData.
- Paymaster Interface: If a Paymaster is used, ensure it implements the functions required for fee payment and adheres to the EIP4337 standard.
3. Security of EntryPoint Contract:
The EntryPoint contract is crucial for executing UserOps. Auditors should thoroughly examine its security:
- Reentrancy: Check for reentrancy vulnerabilities that could allow attackers to manipulate the execution flow and steal funds.
- Gas Manipulation: Analyze the gas consumption of the EntryPoint contract and ensure it is not susceptible to gas manipulation attacks.
- Access Control: Verify that access control mechanisms are properly implemented to prevent unauthorized access to critical functions.
4. Security of AA Wallet Contract:
The AA wallet contract handles user funds and logic. Auditors should focus on:
- State Management: Ensure that the wallet’s state is managed securely and that it is not susceptible to state manipulation attacks.
- Function Access Control: Verify that access control mechanisms are implemented to prevent unauthorized access to sensitive functions.
- Calldata Handling: Analyze how the wallet decodes and forwards calldata and ensure it is not susceptible to injection of unintended calls.
5. Security of Paymaster Contract (if applicable):
If a Paymaster is used, auditors should examine its security:
- Fee Calculation: Verify that the Paymaster calculates fees correctly and does not overcharge users.
- Reentrancy: Check for reentrancy vulnerabilities that could allow attackers to manipulate the Paymaster and steal funds.
- Access Control: Ensure that access control mechanisms are implemented to prevent unauthorized access to the Paymaster’s functions.
6. Security of Bundler:
While not directly part of the AA wallet, the Bundler plays a critical role in executing UserOps. Auditors should assess:
- Bundler Selection: Verify that the user has control over selecting the Bundler and that there are mechanisms to prevent malicious Bundlers from being chosen.
- Bundler Incentives: Analyze the Bundler's incentives and ensure they do not encourage malicious behavior.
- Bundler Security: Examine the Bundler's code for vulnerabilities that could be exploited by attackers.
7. Gas Optimization:
Optimize the gas consumption of the AA wallet and related contracts to minimize transaction fees for users.
8. User Experience:
Ensure that the AA wallet provides a user-friendly experience, including:
- Ease of Use: The wallet should be easy to set up and use, even for non-technical users.
- Security Features: The wallet should provide robust security features, such as multi-signature support and key recovery mechanisms.
- Transparency: The wallet should be transparent about its operations and fees.
Conclusion:
This checklist provides a comprehensive framework for auditing EIP4337-based AA wallets. By following these guidelines, auditors can identify and mitigate potential vulnerabilities, ensuring the security and reliability of these innovative wallets.
References:
- EIP4337: Account Abstraction
- EIP7562: Account Abstraction Verification Scope Rules
- SlowMist Security Team
Disclaimer:
This article is for informational purposes only and should not be considered financial or legal advice. The information provided is subject to change without notice.
