safe-global / safe-modules

100%

master: 85%

LAST BUILD ON BRANCH chore/prevent-launchpad-double-init

branch: chore/prevent-launchpad-double-init

CHANGE BRANCH

x

Reset

• chore/prevent-launchpad-double-init
• 0.8.19-compile
• 100-coverage-on-factory
• 227-fix-tests-for-0.7-bundler
• 230-update-changelog-for-safe-4337-module
• 270-fix-passkey-example
• 282-create-passkey-project
• 285-support-multiple-verifiers
• 286-introduce-p256-verifier-contract
• 288-implement-a-passkey-signaturevalidator-factory
• 308/add-nat-spec
• 308/single-setup
• 308/single-setup-unit-tests
• 313/precompile-with-fallback
• 317/precompile-test
• 360-enhance-passkey-example-app-2
• 360-enhance-passkey-example-app-3
• 395-explore-adding-a-esm-build-to-passkey4337-packages
• 407/full-coverage-shared-signer
• 407/promote-shared-signer
• 408/use-self-storage
• 408/use-self-storage-2
• 409/additional-4337-tests
• 409/additional-tests-and-userstories
• 40x/experimental-4337-support
• 420-small-changes
• 425-gas-benchmarking-in-4337-tests-outputs-gas-used-for-the-transaction-instead-of-useroperation-gas
• 426-release-a-new-4337-module-version-with-updated-js-tooling
• 4337-certora-update
• 4337-gas-metering-pimlico
• 4337-module-audit-preparations
• 4337/remove-inlining-in-the-mock
• 4337/upgrade-dependencies
• 4337m-preparations-lint-setup
• 4337m-remove-redunant-ifaces
• add-audit-report
• add-recovery-module
• add-sepolia-network
• allowance-module-changelog
• allowance-module/0.1.1
• allowance-module/audit-l1
• allowance-module/improve-docs
• audit-report-v2.0
• audit/0.2.0-include-report
• audit/l-01
• audit/l-02
• audit/l-03,n-01,n-02
• audit/m-01
• audit/m-01-alternative
• audit/n-03
• audit/n-04
• audit/n-05
• audit/n-06
• benchmark/alchemy-0.7.0
• bug/passkey-no-declaration-files
• bug/webauthn-signerfactory-validateuserop-reverts
• bundler-updates
• certora-audit
• certora-script
• certora-update
• certora/spec-fixes
• certora/v6-spec-update
• check-address-on-constructor
• check-signature-length
• check-signatures-data
• chore/0.2.1-changelog
• chore/add-gas-benchmark
• chore/bench-script
• chore/bump-passkey-version
• chore/consolidate-userstories-directory
• chore/deprecate-launchpad
• chore/docker-compose-version
• chore/document-privacy-concerns
• chore/fix-4337-comment
• chore/fix-docker-build
• chore/fix-flaky-webauthn-test
• chore/fix-lint-warnings
• chore/fix-passkey-verification
• chore/fix-runop-script
• chore/fix-shared-signer-docs
• chore/fix=p256-account-test-impl
• chore/format-source
• chore/hats-audit-competition-report
• chore/increase-e2e-gas-buffer
• chore/indexed-signer-in-event
• chore/ir-optimizations
• chore/multi-passkey-e2e
• chore/optimal-solidity-configuration
• chore/passkey-safe-tx-userstory
• chore/refactor-monorepo-1
• chore/refactor-monorepo-2
• chore/refactor-monorepo-3
• chore/refactor-monorepo-4
• chore/remove-not-audited-note
• chore/rename-audit-file
• chore/safe-rename-tradition
• chore/sourcify
• chore/sourcify-4337
• chore/test-cleanup
• chore/use-arachnid-deployer-for-some-contracts
• chore/userstory-for-safe
• ci/add-monorepo-linter
• ci/fix-certora-branch-name
• comment-on-not-handling-return
• core/remove-dead-code
• correct-verifier-behaviour
• custom-deployment
• custom-sha256-impl
• define-code-owners
• dependabot/npm_and_yarn/4337/ansi-regex-3.0.1
• dependabot/npm_and_yarn/4337/minimist-1.2.8
• dependabot/npm_and_yarn/4337/undici-5.25.4
• dependabot/npm_and_yarn/4337/undici-5.26.3
• dependabot/npm_and_yarn/allowances/get-func-name-2.0.2
• dependabot/npm_and_yarn/allowances/undici-5.26.3
• dependabot/npm_and_yarn/dutchx_seller/browserify-sign-4.2.2
• dependabot/npm_and_yarn/dutchx_seller/handlebars-4.7.8
• dependabot/npm_and_yarn/es5-ext-0.10.64
• dependabot/npm_and_yarn/follow-redirects-1.15.6
• dependabot/npm_and_yarn/openzeppelin/contracts-5.0.2
• dependabot/npm_and_yarn/recurring_transfers/browserify-sign-4.2.2
• dependabot/npm_and_yarn/recurring_transfers/handlebars-4.7.8
• dependabot/npm_and_yarn/undici-5.28.3
• dependencies/update
• dependencies/upgrade
• deps/bump
• docs/entrypoint-version
• document-signature-validation-result
• documentation-is-nice
• e2e-local-bundler
• e2e-webauthn-signer
• entrypoint-deployment
• entrypoint-modifier
• feat/4337/use-production-entrypoint-contract
• feat/add-deploy-task-to-passkey
• feat/dep-update
• feat/eip1271-version-update
• feat/migrate-and-deploy-webauthn-signer
• feat/move-dependency
• feat/update-vendored-fc
• feat/validUntil-validAfter-timestamp-support-4337
• feat/webauth-poc-app
• feature-142-4337-module-formal-verification
• feature-169-rename-master-to-main
• feature-275-4337-account-passkey-owner
• feature-276-user-story-paymaster
• feature-277
• feature-277-user-story-exec-userop
• feature-279
• feature-287-webauthn-package
• feature-289-base64-encoding-optimization
• feature-293-document-passkey-signer-flow
• feature-312-webAuthn-proxy
• feature-381-document-passkeys-package
• feature-4337
• feature-79-document-tx-flow
• feature-81-implement-4337-exec-flow
• feature-82-implement-4337-deploy-flow
• feature-83-integration-tests
• feature-comment-on-dynamic-signatures
• feature-emit-signer-creation-event
• feature-safe-module-6900
• feature/add-cla-action
• feature/add-unit-tests-0
• feature/allowance-module-zksolc
• feature/cla-action-permissions
• feature/contract-call-in-runOp-script
• feature/document-optimizer-usage
• feature/e2e-with-reference-entrypoint
• feature/entrypoint-v0.7
• feature/entrypoint-v0.7-2024-02-24
• feature/entrypoint-v0.7-2024-03-05
• feature/increase-test-coverage
• feature/increase-test-coverage-allowance-module
• feature/multi-shared-signer
• feature/nested-safe-exec
• feature/require-success-for-operation-execution
• feature/skip-coverage-for-test-contracts
• feature/webauthn-poc
• finishing-touches
• fix-208-update-package-name
• fix-754-signature-length-check
• fix-entrypoint-natspec
• fix-import-error
• fix-local-verify
• fix-readme-initcode
• fix-revert-propagation
• fix-singleton-signer-e2e-flakiness
• fix-ts-lints
• fix-validate-signatures-nat-spec
• fix-verifiers-range
• fix-warning-icons
• fix/4337-runop-script
• fix/allowance-module-test
• fix/broken-install
• fix/cla-action-secret-name
• fix/example-app-file
• fix/include-types-npm
• fix/sequence-diagram-update
• fv-passkey
• fv-signature-length-check
• fv/use-ref-entrypoint
• gas-metering
• gas-metering-for-webauthn
• gelato-4337
• hardcoded-constants
• hardhat-config-cleanup
• hats/14-check-static-call
• hats/17-consitent-pragmas
• hats/3-emit-configuration-event
• inline-base64-encoding
• internal-function-naming-again
• internal-function-naming-convention
• launchpad-contract
• launchpad-contract-signer
• main
• master
• memory-safe-fallback
• migrate-to-hardhat-toolbox
• minor-ci-adjustments
• minor-fixes
• mmv08-patch-1
• mmv08-patch-2
• new-webauthn-signature-format
• optimize-webauthn-proxy
• p256/extract-verification-logic
• package-v0.2.0
• passkey-audit
• passkey-credential-creation
• passkey-example-porting
• passkey-offchain-sig-verification
• passkey/release-0.2.0-alpha.0
• pnpm-experiment
• porting-passkey-experiments
• refactor-146-npm-workspaces
• refactor-signer-logic
• refactor-webauthn-signing
• refs/tags/4337/v0.2.0
• refs/tags/4337/v0.3.0
• refs/tags/4337/v0.3.0-1
• refs/tags/allowance/v0.1.1
• refs/tags/passkey/v0.2.0
• refs/tags/passkey/v0.2.1
• refs/tags/passkey/v0.2.1-1
• refs/tags/recovery/v0.1.0
• refs/tags/v0.1.0
• rename-4337-module
• rename-contract-file
• rename-prefund-param
• rename-validation-return
• revert-216-fix-entrypoint-natspec
• safe-recovery-setup
• sign-all-gas-parameters
• sign-full-op
• sign-paymaster-data
• sign-validity
• signer-singleton
• specify-docker-command-e2e
• split-signing-message-computation
• test-all-changes-single-commit
• tests/improve-e2e-running-experience
• tiny-readme-fix
• unit-test-coverage
• unit-test-coverage-2
• update-certora-audit-report
• update-hardhat-version
• update-to-entrypoint-release
• use-custom-errors
• use-erc1271-constants
• useless-launchpad
• using-factory
• utils-to-src
• v0.1
• v0.7/emit-safe-operation-event
• vendor-fcl
• wait-for-user-op
• webauthn-shim
• webauthn-singleton-signer

Build # 9478640395

Build Type

Pull #436

github

Committed by web-flow

Commit Message

Check for Double Initialization

The test/example Safe signer launchpad pattern in the ERC-4337 module directory did not contain an important security check preventing double initialization which could lead to an account being taken over.

In order to better document the security requirements for such a contract, we added the double initialization check to the pre-validation setup.

Pull Request Pull Request #436: Check for Double Initialization

Run Details

20 of 20 branches covered (100.0%)

Branch coverage included in aggregate %.

39 of 39 relevant lines covered (100.0%)

27.54 hits per line