Fireblocks, UniPass Wallet addresses the Ethereum ERC-4337 account draft vulnerability
Cryptocurrency infrastructure firm FireBlocks has helped deal with what it described as the first account abstraction vulnerability in the Ethereum ecosystem.
An announcement on October 26 disclosed the discovery of an ERC-4337 token draft vulnerability in the smart contract wallet UniPass. The two organizations worked together to address the vulnerability found in hundreds of mainnet wallets during white hat hacking.
According to Firewalls, the vulnerability could allow an attacker to take control of UniPass Wallet's entire account by controlling the Ethereum account's draft process.
According to Ethereum's developer documentation on ERC-4337, account abstraction allows for flexibility and efficiency in the way transactions and smart contracts are handled on the blockchain.
Related: Account Consolidation Brings One Billion Users From Asia To Web3: Consensys exec
Common Ethereum transactions involve two types of accounts: External Ownership Accounts (EOAs) and Contract Accounts. EOAs are controlled by private keys and can initiate transactions, while contract accounts are controlled by smart contract code. The EOA triggers the execution of the contract code when it sends the transaction to the contract account.
Tag summary introduces the idea of meta tags or more general abstract tags. Abstract accounts are not tied to a specific private key and can be used to initiate transactions and interact with smart contracts, just like EOA.
As Fireblocks explains, when an ERC-4337-compliant account performs an action, it relies on the Entrypoint contract to ensure that only signed transactions are executed. These accounts rely on a single EntryPoint contract that is audited to ensure that authorization is obtained from the account before an order is executed.
“It's important to note that a malicious or malicious entry point could theoretically skip the call to “authenticateUserOp” and call the execute function directly, since the only limitation is that it's called from a trusted EntryPoint.”
According to Fireblocks, the vulnerability allowed an attacker to take control of UniPass wallets by replacing the trusted wallet entry point. Once the account takeover is complete, the attacker can access the wallet and withdraw the funds.
Hundreds of users with the ERC-4337 module enabled in their wallets were vulnerable to the attack, which could be carried out by any actor on the blockchain. The wallets in question contain only small amounts of money, and the issue has been reduced at an early stage.
After confirming that the vulnerability could be exploited, the Firefox research team was able to perform a white hat operation to patch the existing vulnerabilities. This actually involves exploiting vulnerabilities:
“We shared this idea with the Unipass team who took it upon themselves to implement and run Operation Whitehat.”
Ethereum co-founder Vitalik Buterin has previously outlined challenges to speeding up the adoption of draft functionality, including the need for an Ethereum Enhancement Proposal (EEP) to upgrade EOS to smart contracts and ensure the protocol works on Layer-2 solutions.
Magazine: Ethereum Resurgence: Blockchain Innovation or Dangerous House of Cards?