From 10bf294f93ac97b86928217014cd68dd92157f7e Mon Sep 17 00:00:00 2001
From: Fangting Liu <fangting@alchemy.com>
Date: Wed, 10 Jan 2024 12:45:24 -0800
Subject: [PATCH] fix: [spearbit-107] [quantstamp-22] use memory safe revert
 instead in AccountExecutor

---
 src/account/AccountExecutor.sol                          | 5 +++--
 test/plugin/session/SessionKeyPluginWithMultiOwner.t.sol | 5 ++---
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/account/AccountExecutor.sol b/src/account/AccountExecutor.sol
index ebae8704..7b5c01d5 100644
--- a/src/account/AccountExecutor.sol
+++ b/src/account/AccountExecutor.sol
@@ -93,8 +93,9 @@ abstract contract AccountExecutor {
             )
             case 0 {
                 // Bubble up the revert if the call reverts.
-                returndatacopy(0, 0, returndatasize())
-                revert(0, returndatasize())
+                let m := mload(0x40)
+                returndatacopy(m, 0x00, returndatasize())
+                revert(m, returndatasize())
             }
             default {
                 // Otherwise, we return the first word of the return data as the validation data
diff --git a/test/plugin/session/SessionKeyPluginWithMultiOwner.t.sol b/test/plugin/session/SessionKeyPluginWithMultiOwner.t.sol
index fd7a055f..1e5e7f2e 100644
--- a/test/plugin/session/SessionKeyPluginWithMultiOwner.t.sol
+++ b/test/plugin/session/SessionKeyPluginWithMultiOwner.t.sol
@@ -279,8 +279,7 @@ contract SessionKeyPluginWithMultiOwnerTest is Test {
     function testFuzz_sessionKey_userOpValidation_invalidSig(uint8 sessionKeysSeed, uint64 signerSeed) public {
         _createSessionKeys(sessionKeysSeed);
 
-        (address signer, uint256 signerPrivate) =
-            makeAddrAndKey(string.concat("Signer", vm.toString(uint32(signerSeed))));
+        (address signer,) = makeAddrAndKey(string.concat("Signer", vm.toString(uint32(signerSeed))));
 
         // The signer should not be a session key of the plugin - this is exceedingly unlikely but checking
         // anyways.
@@ -310,7 +309,7 @@ contract SessionKeyPluginWithMultiOwnerTest is Test {
 
         vm.prank(address(account1));
         vm.expectRevert(abi.encodeWithSelector(ISessionKeyPlugin.InvalidSignature.selector, signer));
-        uint256 result = sessionKeyPlugin.userOpValidationFunction(
+        sessionKeyPlugin.userOpValidationFunction(
             uint8(ISessionKeyPlugin.FunctionId.USER_OP_VALIDATION_SESSION_KEY), userOp, userOpHash
         );
     }