Zellic - Audit Reports

Assessment reports Public findings

Back to Zellic site

Assessment reports>AccountRecoveryModule>Threat Model>removeExpiredGuardian

GeneralOverview

Findings

DiscussionGuardians could prevent account recovery

Threat ModelWhat are threat models?

AccountRecoveryModule.sol addGuardian changeGuardianParams initForSmartAccount removeExpiredGuardian removeGuardian renounceRecoveryRequest replaceGuardian setSecurityDelay setThreshold submitRecoveryRequest validateUserOp

Audit ResultsSummary

AppendixMissing selector validation POC

Function: `removeExpiredGuardian(byte[32] guardian, address smartAccount)`

This unpermissioned function can be called by anyone to remove an expired guardian.

Inputs

guardian
- Control: Arbitrary.
- Constraints: Must be an expired guardian for smartAccount.
- Impact: Guardian to remove.
smartAccount
- Control: Arbitrary.
- Constraints: None.
- Impact: Smart account from which to remove the guardian.

Branches and code coverage

Intended branches

Removes the expired guardian, adjusting the threshold if needed.
Test coverage

Negative behavior

Reverts if the guardian is not expired.
Negative test
Reverts if the guardian is not set for smartAccount.
Negative test

Zellic © 2024Back to top ↑