Bypassing Security Policies

Biconomy expressed their concern that Security Policies should not be bypassable. After a thorough review of the specified code and relevant tests regarding the SecurityPolicyManagerPlugin contract, we did not identify any instances in which a Security Policy is enabled by a user but is not called by the Security Policy Manager plugin.

In multiple tests provided by Biconomy, including testEnable* and testDisable* functions, along with their negative scenario counterparts, we found that the ideal end state of enabling or disabling a Security Policy is consistently achieved and validated, without any unexpected side effects.

Zellic © 2024