Lodestar-Finance / lodestar-protocol

Houses the code for the Lodestar Finance DeFi protocol.
BSD 3-Clause "New" or "Revised" License

castVoteBySig() can cause signature replay attack #24

Closed pavankv241 closed 1 year ago

pavankv241 commented 1 year ago

Code snippet: https://github.com/LodestarFinance/lodestar-protocol/blob/relaunch-candidate/contracts/Governance/GovernorAlpha.sol#L253

Summary: In the above code snippet, castVoteBySig can cause a signature replay attack. An attacker can use the same signature to vote again. So try to maintain a nonce mapping for every user and update it each time a user votes.

Reference https://swcregistry.io/docs/SWC-117

Recommendation: A nonce mapping for message signers can be maintained, the value of which can be incremented for every successful signature validation.

mapping(address => uint) private nonces;

Severity Medium
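The recommendation above, as an added sketch that is not part of the original issue and is not Lodestar's GovernorAlpha code: the signer's nonce is included in the signed ballot struct, checked against the stored value, and incremented on each successful validation, and high-`s` signatures (the malleability case covered by the referenced SWC-117) are rejected. The contract name, `nonceOf`, `ballotDigest`, the `Ballot(...,nonce)` type string, and the one-vote-per-signature tally are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: BSD-3-Clause
pragma solidity ^0.8.10;

// Added illustration only; contract and member names other than
// castVoteBySig and nonces are hypothetical, not Lodestar's code.
contract NonceBallotSketch {
    string public constant name = "NonceBallotSketch";
    bytes32 private constant DOMAIN_TYPEHASH =
        keccak256("EIP712Domain(string name,uint256 chainId,address verifyingContract)");
    // The signer's nonce is part of the signed struct, so each signature is single-use.
    bytes32 private constant BALLOT_TYPEHASH =
        keccak256("Ballot(uint256 proposalId,bool support,uint256 nonce)");
    // Upper bound for s: half the secp256k1 group order (rejects malleable twins).
    uint256 private constant HALF_N =
        0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0;

    mapping(address => uint) private nonces;
    // Simplified tally (assumption): one unit per signature, no token weighting.
    mapping(uint256 => uint256) public forVotes;
    mapping(uint256 => uint256) public againstVotes;

    event VoteCast(address indexed voter, uint256 proposalId, bool support, uint256 nonce);

    // Signers read their next expected nonce before signing.
    function nonceOf(address signer) external view returns (uint256) {
        return nonces[signer];
    }

    // EIP-712 digest bound to this contract, this chain, and the signer's nonce.
    function ballotDigest(uint256 proposalId, bool support, uint256 nonce) public view returns (bytes32) {
        bytes32 domainSeparator = keccak256(
            abi.encode(DOMAIN_TYPEHASH, keccak256(bytes(name)), block.chainid, address(this)));
        bytes32 structHash = keccak256(abi.encode(BALLOT_TYPEHASH, proposalId, support, nonce));
        return keccak256(abi.encodePacked("\x19\x01", domainSeparator, structHash));
    }

    function castVoteBySig(uint256 proposalId, bool support, uint256 nonce, uint8 v, bytes32 r, bytes32 s) external {
        require(uint256(s) <= HALF_N && (v == 27 || v == 28), "malleable or malformed signature");
        address signer = ecrecover(ballotDigest(proposalId, support, nonce), v, r, s);
        require(signer != address(0), "invalid signature");
        require(nonce == nonces[signer], "nonce already used or out of order");
        nonces[signer] = nonce + 1; // incremented on every successful validation
        if (support) { forVotes[proposalId] += 1; } else { againstVotes[proposalId] += 1; }
        emit VoteCast(signer, proposalId, support, nonce);
    }
}
```

Submitting the same `(v, r, s)` a second time reverts at the nonce check, because the stored nonce has already advanced past the value that was signed.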