Assessment reportsPublic findings
Back to Zellic siteBack
Assessment reports>SponsorshipPaymaster>Threat Model>_validatePaymasterUserOp
GeneralOverview
Findings
Low (1)
Informational (1)
DiscussionNo domain separator for signed message
Threat ModelWhat are threat models?
VerifyingSingletonPaymasterV2.soldepositFor_postOp_postOp_validatePaymasterUserOpparsePaymasterAndData
Audit ResultsSummary

Function: _validatePaymasterUserOp(UserOperation calldata userOp, bytes32 userOpHash, uint256 requiredPreFund)

This function is used to verify that the UserOperation's Paymaster data were signed by the external signer.

Inputs

  • userOp

    • Control: Fully controlled by user.

    • Constraints: All fields are used in signature validation and thus must be valid.

    • Impact: This is the UserOperation being validated.

  • requiredPreFund

    • Control: Partially controlled by user.

    • Constraints: Must be sufficient to pay for the gas fees for this user operation.

    • Impact: This is the required amount of prefunding for the Paymaster, calculated using the userOp argument.

Branches and code coverage (including function calls)

Intended branches

  • Succeeds with valid gas limit, userOp, and requiredPrefund.

Negative behavior

  • Invalid signature causes error to be returned.

  • Insufficient requiredPrefund causes revert.

  • Insufficient userOp.verificationGasLimit causes revert.

  • Parsing invalid Paymaster data causes revert.

Zellic © 2025Back to top ↑