Cryptocurrency infrastructure company Fireblocks has identified and helped address what it describes as the first account abstraction vulnerability within the Ethereum ecosystem.
An announcement on October 26 revealed the discovery of an ERC-4337 account abstraction vulnerability in the UniPass smart contract wallet. The two companies worked together to address the vulnerability, which was reportedly found in hundreds of mainnet wallets during a white hat hacking operation.
According to Fireblocks, the vulnerability would allow a potential attacker to carry out a complete UniPass Wallet account takeover by manipulating the Ethereum account abstraction process.
According to the Ethereum developer documentation for ERC-4337 (ethereum.org/EIPS/eip-4337), account abstraction changes the way the blockchain processes transactions and smart contracts, providing more flexibility and efficiency.
Conventional Ethereum transactions involve two types of accounts: externally owned accounts (EOAs) and contract accounts. EOAs are controlled by private keys and can initiate transactions, while contract accounts are controlled by smart contract code. When an EOA sends a transaction to a contract account, it triggers the execution of the contract code.
Account abstraction introduces the idea of metatransactions, or more generalized abstract accounts. Such accounts are not tied to a specific private key and can initiate transactions and interact with smart contracts, just like an EOA.
As Fireblocks explains, when an ERC-4337 compliant account executes an action, it relies on the EntryPoint contract to ensure that only signed transactions are executed. These accounts typically rely on a single, audited EntryPoint contract to ensure that permission has been obtained from the account before a command is run:
“It is important to note that a malicious or buggy entry point could, in theory, skip the call to ‘validateUserOp’ and simply call the execute function directly, since the only restriction it has is that it be called from the reliable entry point.”
According to Fireblocks, the vulnerability allowed an attacker to gain control of UniPass wallets by overriding the wallet’s trusted EntryPoint. Once the account takeover was complete, an attacker could access the wallet and drain its funds.
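To make the trust relationship concrete, the following Solidity sketch is added here as an illustration; it is not UniPass's or Fireblocks' code, and the open setter is an assumed pattern chosen to show the failure mode, not a description of the actual UniPass defect. It places a wallet whose trusted EntryPoint anyone can replace beside one whose EntryPoint can only be rotated by the account itself or its owner.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed illustration of the trust relationship described above:
// execute() only checks that msg.sender is the account's EntryPoint, so
// whoever can change `entryPoint` controls the account. Not UniPass code.
abstract contract AccountBase {
    address public owner;
    address public entryPoint;

    constructor(address _owner, address _entryPoint) {
        owner = _owner;
        entryPoint = _entryPoint;
    }

    // The only guard on execute(): the call must come from the trusted EntryPoint.
    // A genuine EntryPoint calls validateUserOp() first; a malicious one need not.
    function execute(address to, uint256 value, bytes calldata data) external {
        require(msg.sender == entryPoint, "caller is not the EntryPoint");
        (bool ok, ) = to.call{value: value}(data);
        require(ok, "call failed");
    }
}

// Weak pattern (assumed for illustration): the trusted EntryPoint can be
// replaced by any caller, so the onlyEntryPoint check on execute() is
// effectively no check at all.
contract AccountWithOpenSetter is AccountBase {
    constructor(address o, address ep) AccountBase(o, ep) {}

    function setEntryPoint(address newEntryPoint) external {
        entryPoint = newEntryPoint;
    }
}

// Hardened pattern: only the account itself (i.e. a UserOperation that has
// already passed validateUserOp through the *current* EntryPoint) or the
// owner may rotate it, the new address must be a contract, and the change
// is logged so monitoring can alert on unexpected rotations.
contract AccountWithGuardedSetter is AccountBase {
    event EntryPointChanged(address indexed oldEntryPoint, address indexed newEntryPoint);

    constructor(address o, address ep) AccountBase(o, ep) {}

    function setEntryPoint(address newEntryPoint) external {
        require(msg.sender == address(this) || msg.sender == owner, "unauthorized");
        require(newEntryPoint.code.length > 0, "EntryPoint must be a contract");
        emit EntryPointChanged(entryPoint, newEntryPoint);
        entryPoint = newEntryPoint;
    }
}
```

For deployed wallets, watching for `EntryPointChanged` events (or equivalent storage changes) that point away from the canonical audited EntryPoint is a cheap detection for this class of takeover.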
Several hundred users who had the ERC-4337 module activated in their wallets were vulnerable to the attack, which could be carried out by any actor on the blockchain. The wallets in question only contained small amounts of funds and the issue was mitigated at an early stage.
After verifying that the vulnerability could be exploited, the Fireblocks research team managed to carry out a white hat operation to patch the existing vulnerabilities. This involved actually exploiting the vulnerability:
“We shared this idea with the UniPass team, who were responsible for implementing and executing Operation Whitehat.”
Ethereum co-founder Vitalik Buterin previously outlined the challenges to accelerating the proliferation of account abstraction functionality, including the need for an Ethereum Improvement Proposal (EIP) to upgrade EOAs to smart contracts and to ensure that the protocol works in layer 2 solutions.