Assessment reports > Biconomy Batched Session Router Module > Informational findings > Missing element count check of sessionData in validateUserOp
Category: Coding Mistakes

Missing element count check of sessionData in validateUserOp

Severity: Informational
Impact: Informational
Likelihood: N/A

Description

The function validateUserOp decodes an array named sessionData and iterates over it to perform various validations and computations. However, there is no explicit check in the code to ensure that the sessionData array contains at least one element.

(
    address sessionKeyManager,
    SessionData[] memory sessionData,
    bytes memory sessionKeySignature
) = abi.decode(moduleSignature, (address, SessionData[], bytes));

...

// note: length is never checked against zero before the loop
uint256 length = sessionData.length;

// iterate over batched operations
for (uint i; i < length; ) {

    ...

}

return (
    _packValidationData(
        false, // sig validation failed = false; if we are here, it is valid
        earliestValidUntil,
        latestValidAfter
    )
);

Impact

The absence of a check for the array length could lead to logical errors or undesired behavior when the sessionData array is empty: the loop body never executes, so none of the per-element validations run before the function reaches its return statement.

Recommendations

Implement the array length check and make sure the length of sessionData is equal to the length of destinations.
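
A minimal sketch of the recommended check, added here as an illustration; it is not Biconomy's code and not the fix from the remediation commit. The SessionData fields, the error names, the contract and function names, and the way destinations is passed in are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; not Biconomy's code and not the fix in the remediation commit.
contract SessionLengthCheckExample {
    // Hypothetical stand-in: the page does not show the real SessionData fields.
    struct SessionData {
        uint48 validUntil;
        uint48 validAfter;
        bytes sessionKeyData;
    }

    error EmptySessionData();
    error LengthMismatch(uint256 sessionDataLength, uint256 destinationsLength);

    // `destinations` is assumed to be the per-call target list taken from the
    // batched call data, as named in the recommendation.
    function checkedLength(
        bytes calldata moduleSignature,
        address[] calldata destinations
    ) external pure returns (uint256 length) {
        // Same tuple layout as the decode shown in the finding.
        (, SessionData[] memory sessionData, ) = abi.decode(
            moduleSignature,
            (address, SessionData[], bytes)
        );

        length = sessionData.length;

        // Without this check, length == 0 skips the validation loop entirely.
        if (length == 0) revert EmptySessionData();

        // Every batched call must be covered by exactly one session entry.
        if (length != destinations.length) {
            revert LengthMismatch(length, destinations.length);
        }
    }
}
```

Both checks run before any per-element validation, so a malformed batch reverts instead of falling through to the final return.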

Remediation

This issue has been acknowledged by Biconomy Labs, and a fix was implemented in commit 3bf128e9.

Zellic © 2024