Contest: https://codehawks.cyfrin.io/c/2024-07-biconomy
- H-01 Fallback handler is missing authorization control
- H-02 Module type argument is malleable in Module Enable Mode flow
- H-03 ETH is not forwarded to factory call in BiconomyMetaFactory
- H-04 Bootstrap functions setup the registry after module installation, bypassing the validation checks
- M-01 Typehash for ModuleEnableMode struct is incorrect
- M-02 solady handler prevents module extensibility for ERC721 and ERC1155 callbacks
- M-03 Missing support for ERC-165
- M-04 Missing call type validation for fallback handlers
- M-05 Missing callvalue handling in `executeUserOp()`
- M-06 Hooks are not triggered for `executeUserOp()`
- M-07 Module uninstallation is vulnerable to denial of service attacks
- M-08 Calldata length is not validated in `fallback()`
- M-09 RegistryFactory should validate that there are no duplicate attesters
- M-10 Account creation in RegistryFactory doesn't validate the initialization data targets a known bootstrapper