From f7f1214acbadeffa21dcaa6725ac5de126846360 Mon Sep 17 00:00:00 2001 From: Akshay Date: Thu, 8 Aug 2024 14:46:56 +0200 Subject: [PATCH] Update modules/4337/contracts/Safe4337Module.sol Co-authored-by: Nicholas Rodrigues Lordello --- modules/4337/contracts/Safe4337Module.sol | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/4337/contracts/Safe4337Module.sol b/modules/4337/contracts/Safe4337Module.sol index c377abef..3eadd2cd 100644 --- a/modules/4337/contracts/Safe4337Module.sol +++ b/modules/4337/contracts/Safe4337Module.sol @@ -219,7 +219,7 @@ contract Safe4337Module is IAccount, HandlerContext, CompatibilityFallbackHandle * fixed in size, the Smart Contract signature can be of arbitrary length. Safe encodes the Smart Contract * signature length in the signature data. If appropriate length checks are not performed during the signature * verification then a malicious bundler can pad additional bytes to the signatures data and make the account pay - * more gas than needed for user operation validation and reach the verificationGasLimit. + * more gas than needed for user operation validation and reach the `verificationGasLimit`. * `_checkSignaturesLength` function checks for the presence of any padded bytes to the `signature` data. * However, there is an edge case that `_checkSignaturesLength` function cannot detect. * Since the `signature` field in UserOp is not part of the UserOp hash a malicious bundler can manipulate the