Open RonTuretzky opened 3 months ago
There is currently a minor vulnerability with the signature checker in that it only requires percentages in the signature. This means that the same signature can be replayed multiple times, so a user's percentages can be reset using any valid signature. To prevent this, the signature should encode a timestamp after which the signature is no longer valid OR use a nonce.
Removed this feature on the dev branch
as @bagelface wrote
https://docs.openzeppelin.com/contracts/5.x/api/utils#SignatureChecker
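The mitigation proposed in the issue, as an added example that is not this project's code: the signed digest covers a per-user nonce and a deadline in addition to the percentages, so a captured signature verifies at most once and only until it expires. The contract name, struct layout, storage and function name are assumptions; it uses both mitigations together (the issue suggests either) with OpenZeppelin 5.x `EIP712`, `Nonces` and `SignatureChecker`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {EIP712} from "@openzeppelin/contracts/utils/cryptography/EIP712.sol";
import {SignatureChecker} from "@openzeppelin/contracts/utils/cryptography/SignatureChecker.sol";
import {Nonces} from "@openzeppelin/contracts/utils/Nonces.sol";

// Hypothetical contract: all names and the data layout are assumptions for illustration.
contract PercentageRegistry is EIP712, Nonces {
    // The typed struct includes nonce and deadline, not only the percentages.
    bytes32 private constant SET_TYPEHASH = keccak256(
        "SetPercentages(address user,uint256[] percentages,uint256 nonce,uint256 deadline)"
    );

    mapping(address => uint256[]) private _percentages;

    error SignatureExpired(uint256 deadline);
    error InvalidSignature();

    constructor() EIP712("PercentageRegistry", "1") {}

    function setPercentagesBySig(
        address user,
        uint256[] calldata percentages,
        uint256 deadline,
        bytes calldata signature
    ) external {
        // Time bound: a signature that was never submitted cannot be used after the deadline.
        if (block.timestamp > deadline) revert SignatureExpired(deadline);

        // _useNonce returns the current nonce and increments it. A replayed signature
        // was made over the old nonce, so its digest no longer matches. If the check
        // below reverts, the increment is rolled back with the rest of the call.
        bytes32 structHash = keccak256(abi.encode(
            SET_TYPEHASH,
            user,
            keccak256(abi.encodePacked(percentages)), // EIP-712 encoding of uint256[]
            _useNonce(user),
            deadline
        ));

        // The EIP-712 domain separator binds the digest to this chain id and contract
        // address, which blocks replay against another deployment.
        bytes32 digest = _hashTypedDataV4(structHash);
        if (!SignatureChecker.isValidSignatureNow(user, digest, signature)) revert InvalidSignature();

        _percentages[user] = percentages;
    }
}
```

The signer reads the current value from `nonces(user)` when building the message; a signature over any other nonce fails verification.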