Category: Business Logic

Potential guardian deanonymization risk

Severity: Low
Impact: Informational
Likelihood: Low

Description

The account-recovery module stores the hash of each guardian's signature rather than the guardian's address, so that a guardian's address is not disclosed until the guardian submits a signed recovery request. However, all guardians sign the same CONTROL_HASH message, which increases the risk of a guardian being deanonymized if they reuse the same signature for multiple smart accounts.

Impact

This issue could lead to guardians being deanonymized if they reuse CONTROL_HASH signatures. If a guardian is identified for one smart account, it could be tied to the other smart accounts for which it also acts as a guardian.

Recommendations

Include the smart account address in the message signed by the guardians.
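
The linkage described above, and the effect of the recommendation, shown as an added example that is not code from the audited module or from Biconomy Labs. Assumptions: SHA-256 stands in for keccak256, HMAC stands in for a deterministic ECDSA signature, and the control message, keys, account addresses and helper names are all constructed or hypothetical.

```python
import hashlib
import hmac
from collections import defaultdict

# Constructed stand-ins: SHA-256 replaces keccak256, and HMAC replaces a
# deterministic ECDSA signature (same key + same message -> same bytes).
CONTROL_HASH = hashlib.sha256(b"constructed control message").digest()

def sign(key: bytes, message: bytes) -> bytes:
    return hmac.new(key, message, hashlib.sha256).digest()

def guardian_id_shared(key: bytes) -> bytes:
    """Scheme in the finding: every guardian signs the same CONTROL_HASH."""
    return hashlib.sha256(sign(key, CONTROL_HASH)).digest()

def guardian_id_bound(key: bytes, account: bytes) -> bytes:
    """Recommended scheme: the signed message includes the account address."""
    message = hashlib.sha256(CONTROL_HASH + account).digest()
    return hashlib.sha256(sign(key, message)).digest()

def linked_ids(registry: dict) -> dict:
    """Return stored guardian ids that appear under more than one account."""
    seen = defaultdict(set)
    for account, ids in registry.items():
        for gid in ids:
            seen[gid].add(account)
    return {gid: accts for gid, accts in seen.items() if len(accts) > 1}

# Constructed sample data: the holder of key-1 is a guardian for both accounts.
ACCOUNT_A = bytes.fromhex("aa" * 20)
ACCOUNT_B = bytes.fromhex("bb" * 20)
GUARDIANS = {ACCOUNT_A: [b"key-1", b"key-2"], ACCOUNT_B: [b"key-1", b"key-3"]}

def build_registry(bound: bool) -> dict:
    """Map each account to the set of guardian ids the module would store."""
    return {
        account: {guardian_id_bound(k, account) if bound else guardian_id_shared(k)
                  for k in keys}
        for account, keys in GUARDIANS.items()
    }

if __name__ == "__main__":
    print("shared message:", len(linked_ids(build_registry(bound=False))), "linked id(s)")
    print("account-bound :", len(linked_ids(build_registry(bound=True))), "linked id(s)")
```

With the shared message, the stored identifier for the reused signature is identical under both accounts; once the account address is part of the signed message, no identifier repeats across accounts.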

Remediation

This issue has been acknowledged by Biconomy Labs, and a fix was implemented in commit 25bea175.

Zellic © 2024