Skip to content

Non-SMA and Webauthn Account Security Advisory

High
adamegyed published GHSA-56r6-ccm5-8hg3 Jul 17, 2025

Package

npm @account-kit/smart-contracts (npm)

Affected versions

>= 4.42.0 <= 4.51.0

Patched versions

>= 4.52.0
Modular Account
<=v2.0.0
>=2.0.1

Description

Impact

We've mitigated a potential security issue on old account deployment functions from the factory. Smart wallets in use on all existing supported networks are not impacted.

Patches

Please direct creation of new wallets to either createSemiModularAccount on AccountFactory.sol or createWebAuthnAccount on WebAuthnFactory.sol.

Severity

High

CVE ID

No known CVE

Weaknesses

No CWEs

Credits