From cb79059e6b81c91108803c230470736b268857b1 Mon Sep 17 00:00:00 2001 From: Akshay Date: Thu, 8 Aug 2024 14:47:24 +0200 Subject: [PATCH] Update modules/4337/contracts/Safe4337Module.sol Co-authored-by: Nicholas Rodrigues Lordello --- modules/4337/contracts/Safe4337Module.sol | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/4337/contracts/Safe4337Module.sol b/modules/4337/contracts/Safe4337Module.sol index 3eadd2cd..9540e608 100644 --- a/modules/4337/contracts/Safe4337Module.sol +++ b/modules/4337/contracts/Safe4337Module.sol @@ -224,7 +224,7 @@ contract Safe4337Module is IAccount, HandlerContext, CompatibilityFallbackHandle * However, there is an edge case that `_checkSignaturesLength` function cannot detect. * Since the `signature` field in UserOp is not part of the UserOp hash a malicious bundler can manipulate the * field(s) storing the signature length and pad additional bytes to the dynamic part of the signatures which will - * make `_checkSignaturesLength` to return true. In such cases, it is the responsibility of the signature verifier + * make `_checkSignaturesLength` to return true. In such cases, it is the responsibility of the Safe signature validator * (which can be a Safe or any other contract) that supports ERC-1271 and is the owner of the Safe to check for * additional padded bytes to the signatures data. * @param signatures Signatures data.