Coinbase Spend Permissions ERC-6492 Audit
Cantina Security Report
Organization
- @coinbase
Engagement Type
Cantina Reviews
Period
-
Repositories
N/A
Researchers
ERC-6492 Integration and Withdrawal Logic Review for Coinbase
Coinbase continues to expand its smart wallet functionality with Spend Permissions, enabling users to delegate token approvals through signature-based flows. These permissions integrate with ERC-6492 and support combined withdrawal and spending operations via MagicSpend.
To validate these features, Coinbase engaged Cantina for a security audit. The audit surfaced potential confusion around spendWithWithdraw() behavior, inconsistencies between native token encodings, and edge-case risks in ERC-721 handling and malformed batch permissions. While no critical vulnerabilities were identified, refinements were made to nonce encoding, error surfacing, and ERC-165 usage.
Cantina provides additional support for smart wallet ecosystems like Coinbase through bug bounty programs, crowdsourced security competitions, and multisig security, helping teams manage secure wallet extensions and delegated approval systems.
Findings
Low Risk: 1 finding (1 fixed, 0 acknowledged)
Informational: 8 findings (2 fixed, 6 acknowledged)