Show a warning when changing the fallback handler to an untrusted contract #4720

Open
mmv08 opened this issue Jan 2, 2025 · 1 comment

mmv08 commented Jan 2, 2025

What is the feature about

A fallback handler is a contract that gets CALLed by a Safe contract when no matching method was found in proxies/singleton contracts. This great feature allows us to extend Safe's functionality (e.g., ERC-4337), but it's dangerous when misused.

If set to a bad contract (e.g., a token address), anyone could call the Safe, and the Safe would forward the call to a token as if it were legitimately calling the contract through execTransaction.

The list of requirements

A transaction that sets the fallback handler to an untrusted address should display a warning similar to the delegate call.
Example transaction: https://app.safe.global/transactions/tx?safe=sep:0x12c0916493b9BEd2A9882d7722191660194eB47d&id=multisig_0x12c0916493b9BEd2A9882d7722191660194eB47d_0x68004c3de4755bca601f1b3e7b945c563a8b997f5a06dedc6063151989f8ee49

Designs/sketches

To be filled by the team

Links

safe-global/safe-smart-account#879

mmv08 changed the title from "add a warning when changing the fallback handler to a contract that's untrusted" to "Show a warning when changing the fallback handler to an untrusted contract" on Jan 2, 2025

mmv08 commented Jan 2, 2025

a tiny node script if someone wants to create a "bad" tx:

```typescript
import { ethers } from "ethers"
import { default as SafeApiKit } from "@safe-global/api-kit"
import Safe from "@safe-global/protocol-kit"

// Wrap an ethers provider in the minimal EIP-1193 interface the protocol kit expects.
function build1193Provider(provider: ethers.InfuraProvider) {
  return {
    request: (args: any) => provider.send(args.method, args.params),
  }
}

const SAFE_ADDRESS = "0x12c0916493b9BEd2A9882d7722191660194eB47d"
const SENDER_ADDRESS = "0x02270bd144e70cE6963bA02F575776A16184E1E6"
// Left blank on purpose: fill in the owner's private key and an Infura API key before running.
const PRIVATE_KEY = ""
const provider = new ethers.InfuraProvider("sepolia", "")

// @ts-ignore
const protocolKit = await Safe.default.init({
  provider: build1193Provider(provider),
  signer: PRIVATE_KEY,
  safeAddress: SAFE_ADDRESS,
})

// Build the Safe transaction that points the fallback handler at the given address.
const changeFallbackHandlerTx = await protocolKit.createEnableFallbackHandlerTx(
  "0xB4F1737Af37711e9A5890D9510c9bB60e170CB0D"
)

// @ts-ignore
const apiKit = new SafeApiKit.default({
  chainId: 11155111n, // Sepolia
})

// Hash and sign the transaction, then propose it so it shows up in the Safe's queue.
const safeTxHash = await protocolKit.getTransactionHash(changeFallbackHandlerTx)
const senderSignature = await protocolKit.signHash(safeTxHash)

await apiKit.proposeTransaction({
  safeAddress: SAFE_ADDRESS,
  safeTransactionData: changeFallbackHandlerTx.data,
  safeTxHash,
  senderAddress: SENDER_ADDRESS,
  senderSignature: senderSignature.data,
})
```
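The warning requested in this issue comes down to one check on a proposed transaction: is it a self-call to `setFallbackHandler(address)`, and is the new handler on an allowlist. The sketch below is an added example of that check, not code from the Safe project or from the comments above; the function names are hypothetical, the allowlist entry is a constructed placeholder, and the sample inputs are constructed from the addresses in the script above.

```typescript
type Verdict = "not-handler-change" | "handler-cleared" | "trusted" | "untrusted" | "malformed"

interface ProposedTx {
  to: string   // target address of the Safe transaction
  data: string // 0x-prefixed calldata
}

// 4-byte selector of setFallbackHandler(address) on the Safe contract.
const SET_FALLBACK_HANDLER_SELECTOR = "0xf08a0323"
const ZERO_ADDRESS = "0x0000000000000000000000000000000000000000"
// Hypothetical allowlist; this address is a constructed placeholder, not a real deployment.
const TRUSTED_HANDLERS: string[] = ["0x1111111111111111111111111111111111111111"]

// Inspects a single top-level call only; batched (MultiSend) payloads are not unpacked here.
function classifyFallbackHandlerChange(safe: string, tx: ProposedTx, trusted: string[]): Verdict {
  const data = tx.data.toLowerCase()
  // setFallbackHandler is only callable by the Safe itself, so a real change is a self-call.
  if (tx.to.toLowerCase() !== safe.toLowerCase()) return "not-handler-change"
  if (data.slice(0, 10) !== SET_FALLBACK_HANDLER_SELECTOR) return "not-handler-change"
  // Expect exactly the selector plus one 32-byte ABI word.
  const word = data.slice(10)
  if (!/^[0-9a-f]{64}$/.test(word)) return "malformed"
  // An address sits in the low 20 bytes; the upper 12 bytes must be zero.
  if (!/^0{24}$/.test(word.slice(0, 24))) return "malformed"
  const handler = "0x" + word.slice(24)
  if (handler === ZERO_ADDRESS) return "handler-cleared"
  for (let i = 0; i < trusted.length; i++) {
    if (trusted[i].toLowerCase() === handler) return "trusted"
  }
  return "untrusted"
}

// Assumption: clearing the handler is not flagged; unknown or undecodable handlers are.
function shouldWarn(v: Verdict): boolean {
  return v === "untrusted" || v === "malformed"
}

// Constructed sample inputs.
const SAFE = "0x12c0916493b9BEd2A9882d7722191660194eB47d"
const encode = (addr: string): string =>
  SET_FALLBACK_HANDLER_SELECTOR + "000000000000000000000000" + addr.slice(2)
const badTx: ProposedTx = { to: SAFE, data: encode("0xB4F1737Af37711e9A5890D9510c9bB60e170CB0D") }
const goodTx: ProposedTx = { to: SAFE, data: encode(TRUSTED_HANDLERS[0]) }
console.log(classifyFallbackHandlerChange(SAFE, badTx, TRUSTED_HANDLERS))
console.log(classifyFallbackHandlerChange(SAFE, goodTx, TRUSTED_HANDLERS))
```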
