Alchemy developed a `LightAccount` contract that is based on `eth-infinitism`'s implementation of `SimpleAccount`. The main modifications include adopting the unstructured storage pattern, the addition of `isValidSignature()`, and the modification of `_validateSignature()` to support `ERC-1271`. Generally, the code is well written, most of the logic is similar to the original implementation, and the changes are well documented. However, we have found that the support of `ERC-1271` may clash with the intention of `ERC-4337` itself in some cases. This clash makes certain use cases of `ERC-1271` incompatible with the core design of `ERC-4337`, particularly in the validation stage of the bundler. These clashes are described in ALC-1 and ALC-2.

The test suite consists of 36 tests, all of which pass and achieve a branch coverage of 100%. A mutation testing tool called SuMo has also been run on the code base. Mutation testing allows us to evaluate the quality of the test suite beyond branch coverage. SuMo reported a mutation score of 78.21%, which is good, but testing around binary comparison conditions and `require` statements could be improved.

**Fix Review**

All issues have been either fixed, mitigated, or acknowledged by the Alchemy team in commit `912340322f7855cbc1d333ddaac2d39c74b4dcc6`.

**Disclaimer**

It is important to note that this audit was limited to the `LightAccount` itself and its integration with `ERC-4337`. This audit did not cover the `ERC-4337` implementation itself. The `LightAccount` also features a basic version of `ERC-1271` signature verification. While the contracts in scope do not include any verifying smart contract, we do want to point out that a careless implementation of a verifying smart contract could be vulnerable to signature malleability.
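To make the malleability caveat concrete, the following is an added example written for this report, not code from `LightAccount` or from Alchemy. It shows a minimal `ERC-1271` verifying contract that, before calling `ecrecover`, rejects the malleable mirror-image `s` value (the EIP-2 low-`s` rule, the same check OpenZeppelin's `ECDSA` library performs) and any `v` outside 27/28. The contract name, the `owner` field and the constructor are assumptions; the `MAGICVALUE` constant and the `isValidSignature(bytes32, bytes)` signature come from `ERC-1271`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical ERC-1271 verifier (added example, not LightAccount code).
/// A verifier that only checks `ecrecover(hash, v, r, s) == owner` accepts two
/// distinct encodings of the same signature (s and n - s); callers that treat
/// the signature bytes as a unique identifier (e.g. for replay tracking) are
/// then exposed. Enforcing low-s makes the accepted encoding unique.
contract StrictSignatureVerifier {
    // ERC-1271 success value: bytes4(keccak256("isValidSignature(bytes32,bytes)"))
    bytes4 internal constant MAGICVALUE = 0x1626ba7e;
    bytes4 internal constant INVALID = 0xffffffff;

    // secp256k1 group order divided by two; any s above this is the
    // malleable twin of a canonical signature (EIP-2).
    uint256 internal constant HALF_ORDER =
        0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0;

    // Assumed: a single EOA owner whose signatures this contract vouches for.
    address public immutable owner;

    constructor(address owner_) {
        require(owner_ != address(0), "owner is zero");
        owner = owner_;
    }

    /// ERC-1271 entry point: returns MAGICVALUE only for a canonical,
    /// well-formed signature by `owner` over `hash`.
    function isValidSignature(bytes32 hash, bytes calldata signature)
        external
        view
        returns (bytes4)
    {
        // Expect the packed 65-byte r || s || v encoding.
        if (signature.length != 65) return INVALID;

        bytes32 r;
        bytes32 s;
        uint8 v;
        assembly {
            r := calldataload(signature.offset)
            s := calldataload(add(signature.offset, 32))
            v := byte(0, calldataload(add(signature.offset, 64)))
        }

        // Reject the high-s mirror image so each signature has one valid encoding.
        if (uint256(s) > HALF_ORDER) return INVALID;
        // Only the two canonical recovery ids are accepted.
        if (v != 27 && v != 28) return INVALID;

        address recovered = ecrecover(hash, v, r, s);
        // ecrecover returns address(0) on failure; never let that match an owner.
        if (recovered == address(0) || recovered != owner) return INVALID;

        return MAGICVALUE;
    }
}
```

The low-`s` and `v` checks are placed before `ecrecover` so that a non-canonical encoding never reaches the precompile; a contract that skips them will still recover the correct signer but will also accept the alternate `s`, which is the malleability the disclaimer above refers to.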
| | Low | Medium | High | Critical | Total |
|---|---|---|---|---|---|
| Not fixed | 5 | - | - | - | 5 |
| Fixed | 2 | - | - | - | 2 |
| Total | 7 | 0 | 0 | 0 | 7 |
| # | Github Repository | Commit Hash | File | Url |
|---|---|---|---|---|
| 1 | alchemyplatform/light-account | aa8196bf925c32aa3fe48b8f582ce399d0ffd73a | src/CustomSlotInitializable.sol | Check on Github |
| 2 | alchemyplatform/light-account | aa8196bf925c32aa3fe48b8f582ce399d0ffd73a | src/LightAccount.sol | Check on Github |
| 3 | alchemyplatform/light-account | aa8196bf925c32aa3fe48b8f582ce399d0ffd73a | src/LightAccountFactory.sol | Check on Github |