Skip to content
This repository has been archived by the owner on Dec 18, 2024. It is now read-only.

Commit

Permalink
move self target check to SessionLib.validate
Browse files Browse the repository at this point in the history
  • Loading branch information
@coffeexcoin
coffeexcoin committed Dec 13, 2024
1 parent 9b30462 commit 1947bac
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 4 deletions.
4 changes: 4 additions & 0 deletions contracts/libraries/SessionLib.sol
View file
Original file line number Diff line number Diff line change
Expand Up @@ -194,6 +194,10 @@ library SessionLib {
}

if (transaction.data.length >= 4) {
// Disallow self-targeting transactions with session keys as these have the ability to administer
// the smart account.
require(address(uint160(transaction.to)) != msg.sender, "Can not target self");

bytes4 selector = bytes4(transaction.data[:4]);
CallSpec memory callPolicy;
bool found = false;
Expand Down
4 changes: 0 additions & 4 deletions contracts/validators/SessionKeyValidator.sol
View file
Original file line number Diff line number Diff line change
Expand Up @@ -143,10 +143,6 @@ contract SessionKeyValidator is IValidationHook, IModuleValidator, IModule {
(address recoveredAddress, , ) = ECDSA.tryRecover(signedHash, signature);
require(recoveredAddress == spec.signer, "Invalid signer");

// Disallow self-targeting transactions with session keys as these have the ability to administer
// the smart account.
require(address(uint160(transaction.to)) != msg.sender, "Can not target self");

bytes32 sessionHash = keccak256(abi.encode(spec));
sessions[sessionHash].validate(transaction, spec, periodIds);

Expand Down

0 comments on commit 1947bac

Please sign in to comment.