kinto-core
Fix KintoInflator
Description
Before 265418
After 138734
- Fixes the bug related to limited byte size for user operations.
- Reduces the number of lines by 55.
- Improves gas efficiency for simple UserOperations by 48%, with even greater improvements for larger operations.
Can be gas golfed more with assembly. A good work test for a Solidity dev.
Type of change
- [x] Bug fix
- [ ] New feature
- [ ] Breaking change
- [ ] Dependency changes
- [ ] Deployment
- [ ] Forge Script
- [ ] Code refactor / cleanup
- [ ] Documentation or wording changes
- [ ] Other
Checklist:
- [x] The diff is legible and has no extraneous changes
- [x] Complex code has been commented, including external interfaces
- [x] Tests have 100% code coverage
- [x] The base branch is either main, or there's a description of how to merge
Issue Resolution
Fix KintoInflator
Generated at commit: 70ea1a99d27dd6df931f4c3275fd99f7bf50d213
🚨 Report Summary
| Severity Level | Critical | High | Medium | Low | Note | Total |
|---|---|---|---|---|---|---|
| Contracts | 3 | 1 | 0 | 12 | 40 | 56 |
| Dependencies | 0 | 0 | 0 | 0 | 0 | 0 |
For more details view the full report in OpenZeppelin Code Inspector
Slither report
THIS CHECKLIST IS NOT COMPLETE. Use --show-ignored-findings to show all the results.
Summary
- arbitrary-send-eth (4 results) (High)
arbitrary-send-eth
Impact: High Confidence: Medium
- [ ] ID-0 BaseAccount._payPrefund(uint256) sends eth to arbitrary user Dangerous calls:
https://github.com/KintoXYZ/kinto-core/blob/d681e6c2379cb0419afe8addb04d346581172f20/node_modules/account-abstraction/contracts/core/BaseAccount.sol#L118-L127
- [ ] ID-1 Governor._execute(uint256,address[],uint256[],bytes[],bytes32) sends eth to arbitrary user Dangerous calls:
https://github.com/KintoXYZ/kinto-core/blob/d681e6c2379cb0419afe8addb04d346581172f20/node_modules/openzeppelin-contracts/governance/Governor.sol#L363-L375
- [ ] ID-2 Governor.relay(address,uint256,bytes) sends eth to arbitrary user Dangerous calls:
https://github.com/KintoXYZ/kinto-core/blob/d681e6c2379cb0419afe8addb04d346581172f20/node_modules/openzeppelin-contracts/governance/Governor.sol#L593-L596
- [ ] ID-3 BaseAccount._payPrefund(uint256) sends eth to arbitrary user Dangerous calls:
https://github.com/KintoXYZ/kinto-core/blob/d681e6c2379cb0419afe8addb04d346581172f20/node_modules/account-abstraction-0.7.0/contracts/core/BaseAccount.sol#L103-L112
Codecov Report
Attention: Patch coverage is 89.47368% with 2 lines in your changes missing coverage. Please review.
Project coverage is 88.55%. Comparing base (4cac8b4) to head (70ea1a9). Report is 12 commits behind head on main.
| Files | Patch % | Lines |
|---|---|---|
| src/inflators/KintoInflator.sol | 89.47% | 2 Missing :warning: |
Additional details and impacted files
@@ Coverage Diff @@
## main #259 +/- ##
==========================================
- Coverage 89.74% 88.55% -1.20%
==========================================
Files 33 33
Lines 1746 1730 -16
==========================================
- Hits 1567 1532 -35
- Misses 179 198 +19
| Files | Coverage Δ | |
|---|---|---|
| src/inflators/KintoInflator.sol | 86.89% <89.47%> (-13.11%) | :arrow_down: |