An update on an Argent X bug

The power of building in the open

Julien Niset
Nov 17, 2022

  • We were made aware of a bug after the release of Argent X 5.0. The bug was resolved within 3 hours of disclosure. No accounts were impacted.
  • The bug only impacted a small number of Argent X users who upgraded to the latest version. It did not impact our other products, including our mobile wallet services on L1 or zkSync.

Building in the open enables anyone to inspect and audit our code. This means that the wider ecosystem can transparently work together to help improve processes and identify bugs.

This week, we were made aware of a bug by the team at Braavos. Transparency is in our DNA, so we’d like to share some more information on what happened and how we fixed it. We would like to make it clear that no accounts were impacted.

What happened?

On Monday, we published release 5.0 of Argent X, supporting the new Cairo 0.10 version. Cairo 0.10 introduces a new transaction type and 2 new methods to the account interface: validate and validate_declare.

To support the migration of accounts from the old interface to the new interface, StarkNet 0.10 had to support legacy transactions for a short period of time.

Sending a legacy transaction to the new account caused the Cairo VM to bypass the validate method and therefore its security checks. 

No accounts were impacted.

How we fixed it

Following the disclosure of the issue on Wednesday evening, we immediately deployed a new version of the account to StarkNet mainnet and released the patched version 5.0.3 of Argent X for Chrome and Firefox users. This release asks users to upgrade their accounts to the new version.

In parallel, we collaborated with the StarkWare team to deprecate legacy transactions on the impacted Argent X accounts. No accounts were impacted.
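
The bypass described under "What happened?" and one way to close it, as a simplified Python model added here (not Argent's Cairo contract or StarkNet code). The class and function names, HMAC standing in for the account's signature scheme, and the version check in HardenedAccount.execute are assumptions; the post does not describe the patched account's internals.

```python
import hashlib
import hmac
from dataclasses import dataclass

LEGACY, CURRENT = 0, 1  # transaction versions in this model

@dataclass
class Tx:
    version: int
    calldata: bytes
    signature: bytes

def sign(key, calldata):
    # HMAC stands in for the account's real signature scheme (assumption)
    return hmac.new(key, calldata, hashlib.sha256).digest()

class Account:
    """New-interface account: the signature check lives in validate()."""
    def __init__(self, key):
        self.key, self.executed = key, []
    def validate(self, tx):
        if not hmac.compare_digest(sign(self.key, tx.calldata), tx.signature):
            raise PermissionError("invalid signature")
    def execute(self, tx):
        self.executed.append(tx.calldata)  # assumes validate() already ran

class HardenedAccount(Account):
    def execute(self, tx):
        if tx.version == LEGACY:  # assumed mitigation: refuse the path that skips validate()
            raise PermissionError("legacy transaction version not accepted")
        super().execute(tx)

def submit(account, tx):
    """Model of the entry path while legacy transactions were still supported."""
    try:
        if tx.version != LEGACY:
            account.validate(tx)  # new transaction type: validate, then execute
        account.execute(tx)       # legacy type: execute is called directly
        return True
    except PermissionError:
        return False

def demo():
    key, bad = b"constructed-key", b"\x00" * 32  # constructed sample values
    return {
        "vulnerable_legacy_badsig": submit(Account(key), Tx(LEGACY, b"call", bad)),
        "hardened_legacy_badsig": submit(HardenedAccount(key), Tx(LEGACY, b"call", bad)),
        "vulnerable_current_badsig": submit(Account(key), Tx(CURRENT, b"call", bad)),
        "hardened_current_signed": submit(HardenedAccount(key), Tx(CURRENT, b"call", sign(key, b"call"))),
    }
```

The general point for account authors: any check that lives only in validate must also hold on every entry path that can reach execute.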

The power of building in the open

StarkNet is incredibly early, with a passionate developer community dedicated to growing the ecosystem, sharing a joint goal of making StarkNet the best it can be. 

While the emergence of new wallets on StarkNet may appear to create rivalries, it’s a facade. We’re all working towards a common goal of making StarkNet the best it can be, as demonstrated by the bug disclosure coming from Braavos. We’d like to take this opportunity to publicly thank Braavos for bringing this to our attention.

This reaffirms the power of building collaboratively and in the open, as it meant that this bug was quickly identified and resolved.    

Next steps 

While we appreciate upgrades can be an annoyance, for as long as StarkNet is in alpha (until regenesis), we can't guarantee that there won't be any more updates in the near future. These updates are necessary for the continuing process of improving StarkNet. After regenesis, updates will be much less frequent as StarkNet matures and leaves the alpha phase.

There will be a further comprehensive audit of our contracts, as well as a new bug bounty program, in place once Cairo 1.0 is live before the full StarkNet launch.
