{"id":929,"date":"2024-10-10T15:41:16","date_gmt":"2024-10-10T13:41:16","guid":{"rendered":"https:\/\/ackee.xyz\/blog\/?p=929"},"modified":"2024-10-21T11:54:32","modified_gmt":"2024-10-21T09:54:32","slug":"zkemail-email-recovery-audit-summary","status":"publish","type":"post","link":"https:\/\/ackee.xyz\/blog\/zkemail-email-recovery-audit-summary\/","title":{"rendered":"ZK Email Email Recovery Audit Summary"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">ZK Email account recovery module enables smart account recovery via decentralized email guardians. It&#8217;s <a href=\"https:\/\/erc7579.com\/\" target=\"_blank\" rel=\"noopener\">ERC-7579<\/a> and 4337-compatible, but also usable natively. The recovery process involves adding email addresses as guardians, which can be used to recover accounts if private keys are lost by simply sending an email with the new public key.<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><a href=\"https:\/\/prove.email\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">ZK Email<\/span><\/a><span style=\"font-weight: 400;\"> engaged Ackee Blockchain Security to perform a security review of the ZK Email\u2019sl Email Recovery for a total of 8 engineering days in a period between July 4 and July 12, 2024.<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">METHODOLOGY<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">We began our review using static analysis tools, including <\/span><a href=\"https:\/\/getwake.io\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Wake<\/span><\/a><span style=\"font-weight: 400;\">. We then took a deep dive into the logic of the contracts. For testing and fuzzing, we have involved Wake testing framework. During the review, we paid special attention to:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">checking initialization and configuration processes of recovery modules,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">ensuring proper guardian state management,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">checking event emission consistency and completeness<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">checking gas optimization and efficiency in smart contract operations,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">interaction with the <\/span><a href=\"https:\/\/eips.ethereum.org\/EIPS\/eip-7579\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">ERC-7579<\/span><\/a><span style=\"font-weight: 400;\"> standard,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">detecting possible reentrancies in the code,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">ensuring access controls are not too relaxed or too strict,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">looking for common issues such as data validation.\u00a0<\/span><\/li>\n<\/ul>\n<h2><span style=\"font-weight: 400;\">SCOPE<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">The audit has been performed on the commit <code class=\"codehl\">4e70316<\/code> and the exact scope was the following files:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">.\/EmailRecoveryManager.sol<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">.\/modules\/EmailRecoveryModule.sol<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">.\/modules\/UniversalEmailRecoveryModule.sol<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">.\/handlers\/EmailRecoverySubjectHandler.sol<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">.\/libraries\/EnumerableGuardianMap.sol<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">.\/libraries\/GuardianUtils.sol<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">.\/handlers\/SafeRecoverySubjectHandler.sol<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">.\/factories\/EmailRecoveryFactory.sol<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">.\/factories\/EmailRecoveryUniversalFactory.sol<\/span><\/li>\n<\/ul>\n<h2><span style=\"font-weight: 400;\">FINDINGS<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Here are the findings from our audit.<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Critical severity<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">No critical severity issues were found.\u00a0<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">High severity<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">H1: Multiple vulnerabilities in recovery configuration process<\/span><\/p>\n<p><span style=\"font-weight: 400;\">H2: Premature guardian configuration update in <code class=\"codehl\">addGuardian<\/code> function<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Medium severity<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">M1: <code class=\"codehl\">templateIdx<\/code> function parameter check is in incorrect place<\/span><\/p>\n<p><span style=\"font-weight: 400;\">M2: Maximum guardians DoS<\/span><\/p>\n<p><span style=\"font-weight: 400;\">M3: Selector collisions in <code class=\"codehl\">UniversalEmailRecoveryModule<\/code><\/span><\/p>\n<p><span style=\"font-weight: 400;\">M4: MAX + 1 validators may be configured in <code class=\"codehl\">UniversalEmailRecoveryModule<\/code><\/span><\/p>\n<p><span style=\"font-weight: 400;\">M5: <code class=\"codehl\">UniversalRecoveryModule<\/code> arbitrary Safe recovery call<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Low severity<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">L1: Validators can be added\/removed before module initialization in <code class=\"codehl\">UniversalEmailRecovery<\/code><\/span><\/p>\n<p><span style=\"font-weight: 400;\">L2: <code class=\"codehl\">UniversalEmailRecovery<\/code> validators cannot be disallowed after being uninstalled<\/span><\/p>\n<p><span style=\"font-weight: 400;\">L3: <code class=\"codehl\">cancelRecovery<\/code> function does not revert when no recovery is in process<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Warning severity<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">W1: <code class=\"codehl\">isInitialized<\/code> function returns false if initialized without guardians<\/span><\/p>\n<p><span style=\"font-weight: 400;\">W2: Unused <code class=\"codehl\">bytes32<\/code> function parameter in <code class=\"codehl\">EmailRecoveryManager<\/code><\/span><\/p>\n<p><span style=\"font-weight: 400;\">W3: Unnecessary computation of <code class=\"codehl\">calldataHash<\/code> value in <code class=\"codehl\">validateRecoverySubject<\/code> function<\/span><\/p>\n<p><span style=\"font-weight: 400;\">W4: Gas inefficiencies in <code class=\"codehl\">UniversalRecoveryModule<\/code><\/span><\/p>\n<p><span style=\"font-weight: 400;\">W5: Events missing parameters<\/span><\/p>\n<p><span style=\"font-weight: 400;\">W6: Missing <code class=\"codehl\">AddedGuardian<\/code> event emission in <code class=\"codehl\">setupGuardians<\/code> function<\/span><\/p>\n<p><span style=\"font-weight: 400;\">W7: ERC-4337 violation in <code class=\"codehl\">onInstall<\/code><\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Information severity<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">I1: <code class=\"codehl\">getTrustedRecoveryManager<\/code> function returns public variable <code class=\"codehl\">emailRecoveryManager<\/code><\/span><\/p>\n<p><span style=\"font-weight: 400;\">I2: Non-immutable state variables in <code class=\"codehl\">EmailRecoveryManager<\/code> contract<\/span><\/p>\n<p><span style=\"font-weight: 400;\">I3: Misleading naming<\/span><\/p>\n<p><span style=\"font-weight: 400;\">I4: Unchecked return values in <code class=\"codehl\">EnumerableGuardianMap<\/code> library<\/span><\/p>\n<p><span style=\"font-weight: 400;\">I5: Use <code class=\"codehl\">calldata<\/code> in favor of <code class=\"codehl\">memory<\/code> in function parameters<\/span><\/p>\n<p><span style=\"font-weight: 400;\">I6: Floating pragma<\/span><\/p>\n<p><span style=\"font-weight: 400;\">I7: Missing zero-address validation in constructors<\/span><\/p>\n<p><span style=\"font-weight: 400;\">I8: Modifiers not above constructors<\/span><\/p>\n<p><span style=\"font-weight: 400;\">I9: Safe <code class=\"codehl\">validateRecoverySubject<\/code> optimization<\/span><\/p>\n<p><span style=\"font-weight: 400;\">I10: Unused using-for directive<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">CONCLUSION<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Our review resulted in 27 findings across Revision 1.0 \u2013 1.2, ranging from High to Info severity. The most severe one (H1) originates from the ability to initialize the system without guardians and a zero threshold, which can lead to an invalid configuration and inconsistent guardian state. Another high severity issue (H2) refers to premature update of the guardian configuration in the addGuardian function, which can lead to a situation where the totalWeight value (the sum of weights of guardians) does not accurately reflect the total weight from accepted guardians, potentially making recovery impossible. There are additionally 3 medium severity issues related mainly to the configuration of validators in the modules and support for custom templates. The code also contains multiple low severity issues with warnings\/infos, which are mostly overlooked trivial mistakes.\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><b>Ackee Blockchain Security recommends ZK Email:<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">disallow initialization of the system without guardians and a zero threshold,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">ensure that the system accurately tracks the sum of weights from accepted guardians,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">optimize gas usage of the contracts,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">address all other reported issues.<\/span><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><b>Ackee Blockchain Security\u2019s full ZK Email audit report, which includes a more detailed description of all findings and recommendations, can be found <\/b><a href=\"https:\/\/github.com\/Ackee-Blockchain\/public-audit-reports\/blob\/master\/2024\/ackee-blockchain-zkemail-email-recovery-report.pdf\" target=\"_blank\" rel=\"noopener\"><b>here<\/b><\/a><b>.<\/b><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"font-weight: 400;\">We were delighted to audit ZK Email and look forward to working with them again.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>ZK Email account recovery module enables smart account recovery via decentralized email guardians. It&#8217;s ERC-7579 and 4337-compatible, but also usable natively. The recovery process involves adding email addresses as guardians, which can be used to recover accounts if private keys are lost by simply sending an email with the new public key. &nbsp; ZK Email engaged Ackee Blockchain Security to perform a&hellip;<\/p>\n","protected":false},"author":27,"featured_media":930,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[20,10],"tags":[89,24,101,104],"class_list":["post-929","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-audits","category-ethereum","tag-audit-summary","tag-ethereum","tag-safe","tag-wake"],"aioseo_notices":[],"featured_image_src":"https:\/\/ackee.xyz\/blog\/wp-content\/uploads\/2024\/10\/zkemail-600x400.png","featured_image_src_square":"https:\/\/ackee.xyz\/blog\/wp-content\/uploads\/2024\/10\/zkemail-600x600.png","author_info":{"display_name":"Lukas Rajnoha","author_link":"https:\/\/ackee.xyz\/blog\/author\/lukasrajnoha\/"},"_links":{"self":[{"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/posts\/929","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/users\/27"}],"replies":[{"embeddable":true,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/comments?post=929"}],"version-history":[{"count":0,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/posts\/929\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/media\/930"}],"wp:attachment":[{"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/media?parent=929"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/categories?post=929"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/tags?post=929"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}