Cryptocurrency infrastructure firm Fireblocks has identified and assisted in tackling what it describes as the first account abstraction vulnerability within the Ethereum ecosystem.
An announcement on Oct. 26 unpacked the discovery of an ERC-4337 account abstraction vulnerability in the smart contract wallet UniPass. The two firms worked together to address the vulnerability, which was reportedly found in hundreds of mainnet wallets during a ‘whitehat’ hacking operation.
According to Fireblocks, the vulnerability would allow a potential attacker to carry out a full account takeover of UniPass wallet by manipulating Ethereum’s account abstraction process.
As per Ethereum’s developer documentation on ERC-4337, account abstraction allows for a shift in the way transactions and smart contracts are processed by the blockchain to provide flexibility and efficiency.
Conventional Ethereum transactions involve two types of accounts, externally owned accounts (EOAs) and contract accounts. EOAs are controlled by private keys and can initiate transactions, while contract accounts are controlled by the code of a smart contract. When an EOA sends a transaction to a contract account, it triggers the execution of the contract’s code.
Account abstraction introduces the idea of a meta-transaction or more generalized abstracted accounts. Abstracted accounts are not tied to a specific private key and are able to initiate transactions and interact with smart contracts just like an EOA.
As Fireblocks explains, when an ERC-4337-compliant account executes an action, it relies on the Entrypoint contract to make sure only signed transactions get executed. These accounts typically trust an audited single EntryPoint contract to ensure that it receives permission from the account before executing a command:
“It’s important to note that a malicious or buggy entrypoint could, in theory, skip the call to “validateUserOp” and just call the execution function directly, as the only restriction it has is that it’s called from the trusted EntryPoint.”
According to Fireblocks, the vulnerability allowed an attacker to gain control of UniPass wallets by replacing the trusted EntryPoint of the wallet. Once the account takeover was complete, an attacker would be able to access the wallet and drain its funds.
Several hundred users that had the ERC-4337 module activated in their wallets were…