Ambire Wallet - Mitigation Review
A web3 wallet that makes crypto self-custody easy and secure for everyone.
- Start date16 Jun 2023
- End date21 Jun 2023
- Total awards$6,500 USDC
- Duration5 days
- Details
Ambire Wallet - Mitigation Review details
- Total Prize Pool: $6,500 USDC
- Warden guidelines for C4 mitigation reviews
- Submit findings using the C4 form
- Starts June 16, 2023 20:00 UTC
- Ends June 21, 2023 20:00 UTC
Important note
Each warden must submit a mitigation review for every High and Medium finding from the parent audit. Incomplete mitigation reviews will not be eligible for awards.
Findings being mitigated
Mitigations of all High and Medium issues will be considered in-scope and listed here.
- M-02: Attacker can force the failure of transactions that use tryCatch
- M-03: Recovery transaction can be replayed after a cancellation
- M-04: Project may fail to be deployed to chains not compatible with Shanghai hardfork
- M-05: AmbireAccount implementation can be destroyed by privileges
Overview of changes
We fixed 4 of the vulnerabilities after they were found, and we chose not to mitigate one.
Mitigations to be reviewed
The mitigations are already committed in this branch and they are in individual commits.
| URL | Mitigation of | Purpose |
|---|---|---|
| fca50cd45478ef1ab57ba21bf7e1ccd15b310a05 | M-02 | Check gasleft to prevent this attack |
| 1c0b06fbbbdd9aac1285d4fc4949f5b84f923238 | M-03 | Increment the nonce to prevent replaying recovery transactions |
| cf9c8b115a60df384ae8986a368bb65c56cd7e12 | M-04 | Downgrade Solidity to allow deploying on pre-Shanghai networks |
| 3a0a4d9b24c96d816fb5819efe1e5f4dc57d7835 | M-05 | To mitigate this and avoid confusion, we removed the constructor as it's not used anyway |
Out of Scope
M-01: Fallback handlers can trick users into calling functions of the AmbireAccount contract
This is worth pointing out, but the likelihood of an attack is very low, it needs the user to consciously add a malicious fallback handler, and the UI needs to be updated to attack the user as well. If we go into the possibility of malicious UI updates, then we open a whole new can of worms which is completely out of scope - in other words, we will have much bigger issues in this case, so this is completely irrelevant.
Furthermore, there's no applicable mitigation.