ajna-finance/ajna-core
The Ajna protocol is a non-custodial, peer-to-peer, permissionless lending, borrowing and trading system that requires no governance or external price feeds to function.
https://www.ajna.finance/
Sherlock-35 Final: Nonce is not incremented, leading to signature replay #906
Closed (prateek105 closed 1 year ago)
prateek105 commented 1 year ago
Description of change
High level
Nonce is not incremented in permit, which allows the user to replay the same signature even after the owner manually revokes his approval after permit.
Fixed with Increment nonces in approve to avoid signature replay.
Description of bug or vulnerability and solution
See - https://github.com/sherlock-audit/2023-04-ajna-judging/issues/35
Fixed with incrementing nonces in approve
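A simplified model of the replay described in this pull request and of the fix it names, as an added example that is not Ajna's code. An HMAC stands in for the owner's permit signature, and the class, method and parameter names are hypothetical.

```python
import hashlib
import hmac

class PermitToken:
    """Simplified model of a per-token permit (hypothetical, not Ajna's contract)."""

    def __init__(self, owner_key: bytes, bump_nonce_in_approve: bool):
        self.owner_key = owner_key          # stand-in for the owner's signing key
        self.bump = bump_nonce_in_approve   # False models the behaviour before the fix
        self.nonces = {}                    # token_id -> current nonce
        self.approved = {}                  # token_id -> approved spender, or None

    def _mac(self, spender, token_id, deadline) -> bytes:
        # The signed message binds spender, token, *current* nonce and deadline.
        nonce = self.nonces.get(token_id, 0)
        msg = f"{spender}|{token_id}|{nonce}|{deadline}".encode()
        return hmac.new(self.owner_key, msg, hashlib.sha256).digest()

    def sign(self, spender, token_id, deadline) -> bytes:
        # Owner signs off-chain and hands the signature to the spender.
        return self._mac(spender, token_id, deadline)

    def approve(self, spender, token_id) -> None:
        # Direct approval by the owner; spender=None revokes.
        self.approved[token_id] = spender
        if self.bump:
            # The fix: any approval change invalidates outstanding signatures.
            self.nonces[token_id] = self.nonces.get(token_id, 0) + 1

    def permit(self, spender, token_id, deadline, sig, now) -> bool:
        if now > deadline:
            return False
        if not hmac.compare_digest(sig, self._mac(spender, token_id, deadline)):
            return False
        self.approve(spender, token_id)
        return True

def replay_after_revoke(bump_nonce_in_approve: bool) -> bool:
    """True if an already-used permit signature works again after revocation."""
    token = PermitToken(b"constructed-owner-key", bump_nonce_in_approve)
    sig = token.sign("spender", 1, deadline=1000)           # constructed sample values
    assert token.permit("spender", 1, 1000, sig, now=10)   # first, intended use
    token.approve(None, 1)                                  # owner revokes manually
    replayed = token.permit("spender", 1, 1000, sig, now=20)
    return replayed and token.approved[1] == "spender"
```

With `bump_nonce_in_approve=False` the revoked spender regains approval from the old signature; with `True` the nonce has moved on and the same signature no longer verifies.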