Cryptocurrency infrastructure company Fireblocks has discovered and helped resolve what it describes as the first account abstraction vulnerability in the Ethereum ecosystem.
An announcement published on October 26 revealed an ERC-4337 account abstraction vulnerability discovered in the smart contract wallet UniPass. The two companies worked together to address the vulnerability, which was reportedly discovered in hundreds of mainnet wallets during a “white hat” hacking operation.
According to Fireblocks, the vulnerability would allow a potential attacker to conduct a complete account takeover of the UniPass wallet by manipulating Ethereum’s account abstraction process.
According to the Ethereum developer documentation on ERC-4337, account abstraction changes the way the blockchain handles transactions and smart contracts in order to provide flexibility and efficiency.
Traditional Ethereum transactions involve two types of accounts: externally owned accounts (EOAs) and contract accounts. An EOA is controlled by a private key and can initiate transactions, while a contract account is controlled by the code of its smart contract. When an EOA sends a transaction to a contract account, it triggers execution of the contract code.
Account abstraction introduces the concept of meta-transactions or, more broadly, abstract accounts. Abstract accounts are not tied to a specific private key, yet they can initiate transactions and interact with smart contracts just like EOAs.
As Fireblocks explains, when an ERC-4337-compliant account performs an operation, it relies on the entry point contract to ensure that only signed transactions are executed. Such accounts typically trust a single audited EntryPoint contract, and it is that contract which is expected to obtain the account’s permission before executing a command:
“It’s worth noting that in theory, a malicious or buggy entry point could skip the call to ‘validateUserOp’ and call the execution function directly, since its only limitation is that it is called from a trusted entry point.”
According to Fireblocks, the vulnerability allows an attacker to gain control of the UniPass wallet by replacing the wallet’s trusted entry point. Once the account takeover is complete, the attacker is able to access the wallet and drain its funds.
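The trust relationship described above is easier to see in code. The following minimal ERC-4337-style account is an added illustration written for this article; it is not UniPass’s code, not the ERC-4337 reference implementation, and it does not reproduce the specific flaw Fireblocks found. The `UserOperation` struct is reduced to the fields the example uses (the real one carries more), and prefund and nonce handling in `validateUserOp` are omitted. It shows the pattern the article’s quote warns about: once an account’s execution path trusts whatever address is stored as `entryPoint`, any code path that can overwrite that address without passing through signature validation is a full-takeover path, so the setter is gated to calls the account makes to itself, which only happen after the current EntryPoint has run `validateUserOp`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Simplified UserOperation (assumption: reduced from the ERC-4337 struct).
struct UserOperation {
    address sender;
    uint256 nonce;
    bytes callData;
    bytes signature;
}

// Hypothetical minimal account; not UniPass's code.
contract MinimalAccount {
    address public owner;      // key whose signature authorises operations
    address public entryPoint; // the single trusted EntryPoint contract

    event EntryPointChanged(address indexed oldEntryPoint, address indexed newEntryPoint);

    error NotEntryPoint();
    error NotSelf();
    error CallFailed(bytes reason);

    constructor(address _owner, address _entryPoint) {
        require(_owner != address(0) && _entryPoint != address(0), "zero address");
        owner = _owner;
        entryPoint = _entryPoint;
    }

    // Everything that moves funds is gated on msg.sender being the trusted EntryPoint.
    modifier onlyEntryPoint() {
        if (msg.sender != entryPoint) revert NotEntryPoint();
        _;
    }

    // A call from the account to itself only happens when
    // EntryPoint -> validateUserOp -> execute routes a call back here,
    // i.e. after the owner's signature has been checked.
    modifier onlySelf() {
        if (msg.sender != address(this)) revert NotSelf();
        _;
    }

    // Called by the EntryPoint before execution. Returns 0 for a valid owner
    // signature and 1 (SIG_VALIDATION_FAILED) otherwise, as ERC-4337 specifies.
    function validateUserOp(
        UserOperation calldata userOp,
        bytes32 userOpHash,
        uint256 /* missingAccountFunds: prefund handling omitted */
    ) external view onlyEntryPoint returns (uint256 validationData) {
        bytes32 ethHash = keccak256(
            abi.encodePacked("\x19Ethereum Signed Message:\n32", userOpHash)
        );
        return _recover(ethHash, userOp.signature) == owner ? 0 : 1;
    }

    // Executes a call on behalf of the account. Nothing here re-checks the
    // signature: the function trusts that the EntryPoint already ran validateUserOp.
    function execute(address dest, uint256 value, bytes calldata func) external onlyEntryPoint {
        (bool ok, bytes memory ret) = dest.call{value: value}(func);
        if (!ok) revert CallFailed(ret);
    }

    // WEAK PATTERN (left commented out on purpose): a setter with no access
    // check lets any caller redirect the account's trust, after which the new
    // "entry point" can call execute() without validateUserOp ever running.
    //
    // function setEntryPoint(address newEntryPoint) external {
    //     entryPoint = newEntryPoint;
    // }

    // HARDENED: changing the trusted EntryPoint is itself an operation that must
    // travel through the current EntryPoint and validateUserOp, so only the
    // owner's signature can authorise it.
    function setEntryPoint(address newEntryPoint) external onlySelf {
        require(newEntryPoint != address(0), "zero entry point");
        emit EntryPointChanged(entryPoint, newEntryPoint);
        entryPoint = newEntryPoint;
    }

    // Recovers the signer of a 65-byte (r, s, v) secp256k1 signature.
    function _recover(bytes32 hash, bytes calldata sig) internal pure returns (address) {
        if (sig.length != 65) return address(0);
        bytes32 r;
        bytes32 s;
        uint8 v;
        assembly {
            r := calldataload(sig.offset)
            s := calldataload(add(sig.offset, 32))
            v := byte(0, calldataload(add(sig.offset, 64)))
        }
        if (v < 27) v += 27;
        return ecrecover(hash, v, r, s);
    }

    receive() external payable {}
}
```

When reviewing an account-abstraction wallet, the check this example suggests is mechanical: list every function that writes the storage slot holding the trusted entry point (including upgrade, module-enable and initialisation paths), and confirm each one is reachable only through a route that has already validated the owner’s signature. The `EntryPointChanged` event exists so that an unexpected change to that address is visible on-chain and can be alerted on.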
Hundreds of users with ERC-4337 modules enabled in their wallets were vulnerable to an attack that any participant on the blockchain could perform. The wallet in question held only a small amount of funds, and the issue was mitigated at an early stage.
After determining that the vulnerability could be exploited, Fireblocks’ research team sought to conduct a white hat operation to patch the existing vulnerability. This involved actually exploiting the vulnerability:
“We shared the idea with the UniPass team, who took it upon themselves to implement and run the white hat operation.”
Ethereum co-founder Vitalik Buterin previously outlined the challenges of accelerating the adoption of account abstraction, which include the need for an Ethereum Improvement Proposal (EIP) to upgrade EOAs into smart contracts and to ensure that the protocol is suitable for layer 2 solutions.