Coinbase

Coinbase Spend Permissions ERC-6492 Audit

Cantina Security Report

Organization: @coinbase

Engagement Type: Cantina Reviews

Period: -

Repositories: N/A


ERC-6492 Integration and Withdrawal Logic Review for Coinbase

Coinbase continues to expand its smart wallet functionality with Spend Permissions, enabling users to delegate token approvals through signature-based flows. These permissions integrate with ERC-6492 and support combined withdrawal and spending operations via MagicSpend.

To validate these features, Coinbase engaged Cantina for a security review. The audit surfaced potential confusion around spendWithWithdraw() behavior, inconsistencies between native token encodings, and edge-case risks in ERC-721 handling and malformed batch permissions. While no critical vulnerabilities were identified, refinements were made to nonce encoding, error surfacing, and ERC-165 usage.

Cantina provides additional support for smart wallet ecosystems like Coinbase through bug bounty programs, crowdsourced security competitions, and multisig security, helping teams manage secure wallet extensions and delegated approval systems.


Findings

Low Risk: 1 finding (1 fixed, 0 acknowledged)

Informational: 8 findings (2 fixed, 6 acknowledged)