DESCRIPTION
The target of this audit is the code repository of OKX Smart Wallet. The project implements an Account Abstraction (AA) wallet for Ethereum Virtual Machine (EVM) compatible chains, allowing users to deploy AA smart contract wallets. It also allows Externally Owned Accounts (EOAs) to extend their transaction execution logic by setting the AA wallet code on the account, simplifying the processing of complex transaction operations.
Please refer to the report for the detailed audit scope.
Our audit methodology employs automated vulnerability scans, manual verification, and business logic analysis to uncover potential security issues coupled with gas and code quality optimization recommendations.
In summary, we did not find any critical issues within the audited codebase. However, we have identified some non-critical issues that should be addressed. Additionally, we have put forth recommendations to further strengthen the code logic, along with notes that should be taken into consideration. It is important to note that the scope of our audit was strictly limited to the specific code versions mentioned in the report. Any updates made subsequent to our review would require a re-evaluation.
KEY FINDINGS
In total, we found 2 potential issues in the smart contracts. We also have 3 recommendations and 2 notes, as follows:
| ID | Severity | Description | Status |
|---|---|---|---|
| 1 | Medium | Unprotected initialization on EOA wallets | Fixed |
| 2 | Low | Incorrect ERC-7201 standard implementation | Fixed |
| 3 | - | Avoid emitting misleading events in the function createAccount() | Fixed |
| 4 | - | Add a validation of the input validatorData length | Fixed |
| 5 | - | Revise improper annotation | Fixed |
| 6 | - | Ensure safe integration with EntryPoint in the function executeUserOp() | - |
| 7 | - | Version fragmentation in the proxy upgrade mechanism | - |
More details are provided in the audit report.
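The two findings with a severity rating both concern wallet state: where it lives (ERC-7201 namespaced storage, finding 2) and who may set it (initialization, finding 1). The following is an added illustration, not code from the audited repository or the fixes it applied; the contract name, the namespace id "example.wallet" and the chosen initialization guard are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Illustrative wallet (not the audited code): state is kept in an ERC-7201
/// namespaced slot, and initialize() cannot be called by an arbitrary caller
/// or called twice. Namespace id "example.wallet" is a placeholder.
contract NamespacedWallet {
    /// @custom:storage-location erc7201:example.wallet
    struct WalletStorage {
        address owner;
        bool initialized;
    }

    error AlreadyInitialized();
    error Unauthorized();

    /// ERC-7201 slot derivation exactly as the standard specifies:
    /// keccak256(abi.encode(uint256(keccak256(id)) - 1)) & ~bytes32(uint256(0xff))
    /// Both the "- 1" and the cleared low byte are required; omitting either
    /// produces a slot that tooling and other contracts will not recognise.
    function erc7201Slot(string memory id) public pure returns (bytes32) {
        return keccak256(abi.encode(uint256(keccak256(bytes(id))) - 1))
            & ~bytes32(uint256(0xff));
    }

    /// Returns a storage pointer to the namespaced struct.
    function _store() private pure returns (WalletStorage storage $) {
        bytes32 slot = erc7201Slot("example.wallet");
        assembly { $.slot := slot }
    }

    /// Initialization is accepted only once and only from the account itself
    /// (msg.sender == address(this)), i.e. from a call the account holder has
    /// authorised. Assumption for illustration: this is one possible guard,
    /// not necessarily the one adopted in the audited code.
    function initialize(address newOwner) external {
        WalletStorage storage $ = _store();
        if ($.initialized) revert AlreadyInitialized();
        if (msg.sender != address(this)) revert Unauthorized();
        $.owner = newOwner;
        $.initialized = true;
    }

    function owner() external view returns (address) {
        return _store().owner;
    }
}
```

Reviewers can check an implementation's slot constant by calling erc7201Slot() with the id from its @custom:storage-location annotation and comparing the result with the hard-coded value.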