Add comment in _checkSignaturesLength regarding dynamic signatures
akshay-ap committed Jul 22, 2024
1 parent f84200f commit 229d1ff
Showing 1 changed file with 9 additions and 1 deletion.
10 changes: 9 additions & 1 deletion modules/4337/contracts/Safe4337Module.sol
@@ -212,9 +212,17 @@ contract Safe4337Module is IAccount, HandlerContext, CompatibilityFallbackHandle
}

/**
* @dev Checks if the signatures length is correct and does not contain additional bytes. The function does not
* @notice Checks if the signatures length is correct and does not contain additional bytes. The function does not
* check the integrity of the signature encoding, as this is expected to be checked by the {Safe} implementation
* of {checkSignatures}.
* @dev A malicious bundler can pad additional bytes to the `signatures` data, causing the account to pay more gas
* than needed for user operation validation. Safe account has two types of signatures: EOA and Smart Contract
* signatures. While the EOA signature is fixed in size, the Smart Contract signature can be of arbitrary length.
* Safe encodes the Smart Contract signature length in the signature data. Since, the `signature` field in UserOp
* is not part of the UserOp hash a malicious bundler can manipulate the field storing the signature length and pad
* additional bytes to the dynamic part of the signatures which will make `_checkSignaturesLength` to return true.
* In such cases, it is the responsibility of the signature verifier to check for additional padded bytes to the
* signatures data.
* @param signatures Signatures data.
* @param threshold Signer threshold for the Safe account.
* @return isValid True if length check passes, false otherwise.
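Review bot: the added @dev paragraph says a padded `signatures` blob "will make `_checkSignaturesLength` to return true", but the @return line still reads "True if length check passes" without saying what a passing check does and does not guarantee; update the @return text to state that true only means the declared length is consistent, not that no padding is present, so callers do not read it as a full validity check. Two smaller points in the same paragraph: it refers to the UserOp field as `signature` in one sentence and to `signatures` data elsewhere (keep the two names distinct and consistent with the actual field name), and "Since, the `signature` field in UserOp is not part of the UserOp hash a malicious bundler can manipulate" needs the comma moved ("Since the ... hash, a malicious bundler ..."); also "Safe account has two types" should read "A Safe account has two types" and "to return true" should be "return true".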
