Fireblocks, UniPass Wallet tackle Ethereum ERC-4337 account abstraction vulnerability
Cryptocurrency infrastructure firm Fireblocks has identified and assisted in tackling what it describes as the first account abstraction vulnerability within the Ethereum ecosystem.
An announcement on Oct. 26 unpacked the discovery of an ERC-4337 account abstraction vulnerability in the smart contract wallet UniPass. The two firms worked together to address the vulnerability, which was reportedly found in hundreds of mainnet wallets during a white hat hacking operation.
According to Fireblocks, the vulnerability would allow a potential attacker to carry out a full account takeover of the UniPass Wallet by manipulating Ethereum’s account abstraction process.
As per Ethereum’s developer documentation on ERC-4337, account abstraction allows for a shift in the way transactions and smart contracts are processed by the blockchain to provide flexibility and efficiency.
Related: Account abstraction will drive a billion users from Asia to Web3: Consensys exec
Conventional Ethereum transactions involve two types of accounts: externally owned accounts (EOAs) and contract accounts. EOAs are controlled by private keys and can initiate transactions, while contract accounts are controlled by the code of a smart contract. When an EOA sends a transaction to a contract account, it triggers the execution of the contract’s code.
Account abstraction introduces the idea of a meta-transaction or more generalized abstracted accounts. Abstracted accounts are not tied to a specific private key and are able to initiate transactions and interact with smart contracts, just like an EOA.
As Fireblocks explains, when an ERC-4337-compliant account executes an action, it relies on the Entrypoint contract to ensure that only signed transactions get
Read more on cointelegraph.com
