Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • TRADING
  • HACKING
  • SLOT
  • CASINO
  • SUBMIT
Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • TRADING
  • HACKING
  • SLOT
  • CASINO
  • SUBMIT
Crypto Flexs
Home»HACKING NEWS»Rhinestone ERC-7579 Safety Adapter Audit Summary
HACKING NEWS

Rhinestone ERC-7579 Safety Adapter Audit Summary

By Crypto FlexsOctober 28, 20244 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
Rhinestone ERC-7579 Safety Adapter Audit Summary
Share
Facebook Twitter LinkedIn Pinterest Email

rhinestone’s ERC-7579 adapter for Safe smart accounts provides full ERC-4337 and ERC-7579 compliance, which is achieved by acting as a fallback handler and enabled module for Safe. As a result, all safe smart accounts can utilize all ERC-7579 modules. The adapter can be added to an existing Safe smart account. However, a launchpad has also been developed that allows you to set up new safe smart accounts using an already activated ERC-7579 adapter.

rhinestone collaborated with Ackee Blockchain Security to conduct a security review of the rhinestone ERC-7570 adapter for secure smart accounts over a period of 16 days, from June 3 to June 14, 2024.

Additionally, rhinestone collaborated with Ackee Blockchain Security and donated a total of three days of engineering time between July 2 and July 5, 2024 to conduct an incremental security review of the updated version of the Safe7579 module.

methodology

We began our review using static analysis tools, including: awake with Solidity(Wake) VS Code Extension. We then took a closer look at the logic of the contract. Used Wake testing framework for testing and fuzzing. During the review process, we paid special attention to the following:

  • Use Launchpad to ensure safe deployment,
  • Check module management logic and multi-type module installation,
  • Check for alternative handler implementations,
  • Check for possible DoS scenarios,
  • Check the possibility of precedence,
  • Ensure delegate calls are used correctly,
  • Detect possible reentrancy in your code,
  • Verify compliance with the ERC used;
  • Ensure access controls are neither too relaxed nor too strict
  • I’m looking for common problems like data validation.

range

An audit has been performed on the commit. 90dd363 The range is as follows:

  • core/
    • AccessControl.sol
    • ExecutionHelper.sol
    • initializer.sol
    • ModuleManager.sol
    • RegistryAdapter.sol
    • SetupDCUtil.sol
  • lib/
    • ExecutionLib.sol
    • ModeLib.sol
  • Utilities/
    • DCUtil.sol
    • Safe7579UserOperationBuilder.sol
  • DataTypes.sol
  • Safe7579.sol
  • Safe7579Launchpad.sol

Findings

The audit results are as follows:

critical severity

C1: ERC-4337 Counterfactual addresses can be stolen

Severity High

H1: initializeAccount Vulnerable to frontrunning

H2: Executor is not available.

medium severity

M1: Missing events and onInstall call _initModules

M2: BatchedExecUtil._tryExecute upside down success

M3: BatchedExecUtil.tryExecute single return value

M4: ModuleManager._installHook Overwriting SIG hooks

M5: Locked Aether

low severity

L1: Alternative handler CallType check

L2: Missing domain-specific message encoding. signedMessages

L3: Violation of ERC-4337 factory standard

L4: _multiTypeInstall Module type verification

warning severity

W1: postCheck The functionality is different from the EIP-7579 interface.

W2: uninstallModule Revert to a multi-type module.

W3: Hooks can prevent module removal.

W4: Missing data validation

W5: public functions prefixed with underscores

W6: Hardcoded Enum.Operation value

W7: Incomplete and unused Safe7579UserOperationBuilder

W8: missing TryExecutionFailed emit

Information Severity

I1: Duplicate code

I2: Unused code

I3: Typos and incorrect documentation

I4: Code structure

W9: Safe does not implement the validator interface.

W10: Inconsistent signature verification

I5: Unused Used

I6: Typo

conclusion

The review resulted in 28 findings, ranging in severity from informational to critical. The most severe attacks allow an attacker to first launch a Safe deployment using Launchpad and take control of smart wallets created using it (see: C1). For other high severity issues, see: Safe7579.initializeAccount Execute the function in front (H1) and the wrong context was used. withRegistry modifier Safe7579.executeFromExecutor function (H2). Intermediate problems are mostly minor mistakes that are overlooked. The overall code quality is average, the code base contains TODO, unused code, and the project is not fully covered in the NatSpec documentation.

Ackee Blockchain Security recommends Rhinestones.

  • Fix newly deployed safety argument possibilities,
  • protect Safe7579.initializeAccount front running function,
  • Fix the context withRegistry modifier Safe7579.executeFromExecutor function,
  • Fix SIG hook override,
  • solve a problem success Return value when executing batch,
  • calling module onInstall function while _initModule process,
  • Resolve all TODOs and remove unused code.
  • Cover your code base with NatSpec documents,
  • Addresses all other reported issues.
  • We also recommend that you conduct ongoing internal peer code reviews.

Ackee Blockchain Security’s full Rhinestone Audit report, which includes a detailed description of all findings and recommendations, can be found here.

We were delighted to appreciate Rhinestone and look forward to working together again.

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

Are you ready to token everything?

September 1, 2025

After BTS Star Jungkook has 39 billion hacking, South Korea will crack down on encryption fraud.

August 30, 2025

The US government checks the economic data on the chain with 60% Pyth Rocket 60% Pyth Network.

August 28, 2025
Add A Comment

Comments are closed.

Recent Posts

TOKEN2049 Singapore stops all records with the world’s largest Web3 event with 25,000 attendees in unprecedented demand.

September 3, 2025

Simultaneously Mine Dogecoin (DOGE), Ripple (XRP), And SOL

September 3, 2025

Simultaneously Mine Dogecoin (DOGE), Ripple (XRP), And SOL

September 3, 2025

Cango Inc. Announces August 2025 Bitcoin Production And Mining Operations Update

September 2, 2025

BitMine Immersion (BMNR) Announces Release Of August Investor Presentation And Latest Video Message From Tom Lee, Chairman

September 2, 2025

Pioneering AI Visionary Vincent Boucher & AGI Alpha Announce A Meta‑Agentic AGI Jobs Marketplace Platform

September 2, 2025

Meme Coin Little Pepe Raises Above $24M In Presale With Over 39,000 Holders

September 2, 2025

Bybit WSOT 2025 Attracts Quadruple Squads As $8M Main Competition Commences

September 2, 2025

Duration Of The Process And Important Nuances

September 2, 2025

PrimeXBT Launches “Empowering Traders To Succeed” Campaign, Leading A New Era Of Trading

September 2, 2025

Korean sleeves cut Tesla and pivot with encryption stocks.

September 2, 2025

Crypto Flexs is a Professional Cryptocurrency News Platform. Here we will provide you only interesting content, which you will like very much. We’re dedicated to providing you the best of Cryptocurrency. We hope you enjoy our Cryptocurrency News as much as we enjoy offering them to you.

Contact Us : Partner(@)Cryptoflexs.com

Top Insights

TOKEN2049 Singapore stops all records with the world’s largest Web3 event with 25,000 attendees in unprecedented demand.

September 3, 2025

Simultaneously Mine Dogecoin (DOGE), Ripple (XRP), And SOL

September 3, 2025

Simultaneously Mine Dogecoin (DOGE), Ripple (XRP), And SOL

September 3, 2025
Most Popular

Travala’s new Bitcoin incentive aims to increase cryptocurrency adoption and real-world usability.

January 7, 2025

Galaxy Launches $113 Million Crypto Fund and Nansen Launches Ether ETF Dashboard: Finance Redefinition

July 27, 2024

BYDFI officially launched the on-chain trading Tool Moonx to guide the CEX + DEX dual engine era.

April 18, 2025
  • Home
  • About Us
  • Contact Us
  • Disclaimer
  • Privacy Policy
  • Terms and Conditions
© 2025 Crypto Flexs

Type above and press Enter to search. Press Esc to cancel.