Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Osmosis Authentication Abstraction>Threat Model>Message: MsgAddAuthenticator
GeneralOverview
Findings
Critical (2)
High (2)
Medium (2)
Low (3)
Informational (1)
DiscussionSignature authenticator excessive gas
Threat ModelWhat are threat models?
authenticatorMessage: MsgAddAuthenticatorMessage: MsgRemoveAuthenticator
authz
Audit ResultsSummary
AppendixAppendixPOC signature authenticator authentication bypassPOC for bypass fee payer authentication

Message: MsgAddAuthenticator

The MsgAddAuthenticator handler is responsible for adding a new authenticator to an account. The first authenticator added must always be a SignatureVerificationAuthenticator with the public key of the account, and there can be maximum of 15 authenticators per account.

The parameters that are controllable by a user are

  • Type --- the type of authenticator to be added. Currently, it can be one of SignatureVerificationAuthenticator, AllOfAuthenticator, AnyOfAuthenticator, PassKeyAuthenticator, or SpendLimitAuthenticator.

  • Data --- the custom data that will be stored alongside the authenticator type. It will be passed to the authenticator's OnAuthenticatorAdded method for verification, then later used by the authenticator's Initialize method.

Zellic © 2025Back to top ↑