Don't let owner be zero address or verifying signer (#19)

mdehoog · web-flow · commit 70833850c8d3 · 2023-11-02T15:04:33.000-10:00
diff --git a/src/Paymaster.sol b/src/Paymaster.sol
@@ -97,6 +97,12 @@ contract Paymaster is BasePaymaster {
         revert("Paymaster: renouncing ownership is not allowed");
     }
 
+    function transferOwnership(address newOwner) public override onlyOwner {
+        require(newOwner != address(0), "Paymaster: owner cannot be address(0)");
+        require(newOwner != verifyingSigner, "Paymaster: owner cannot be the verifyingSigner");
+        _transferOwnership(newOwner);
+    }
+
     receive() external payable {
         // use address(this).balance rather than msg.value in case of force-send
         (bool callSuccess, ) = payable(address(entryPoint)).call{value: address(this).balance}("");
diff --git a/test/Paymaster.t.sol b/test/Paymaster.t.sol
@@ -61,6 +61,16 @@ contract PaymasterTest is Test {
         paymaster.renounceOwnership();
     }
 
+    function test_zeroAddressTransferOwnership() public {
+        vm.expectRevert("Paymaster: owner cannot be address(0)");
+        paymaster.transferOwnership(address(0));
+    }
+
+    function test_verifyingSignerTransferOwnership() public {
+        vm.expectRevert("Paymaster: owner cannot be the verifyingSigner");
+        paymaster.transferOwnership(PAYMASTER_SIGNER);
+    }
+
     function test_getHash() public {
         UserOperation memory userOp = createUserOp();
         userOp.initCode = "initCode";
