search

code-423n4 / 2021-10-ambire-findings

0 stars 0 forks source link

If zero address is added as privilege anyone can execute arbitrary transactions #37

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Handle

cmichel

Vulnerability details

The SignatureValidator.recoverAddrImpl function does not revert on invalid signatures and returns zero instead. Thus if anyone added the zero address to their privileges by accident, funds can be stolen in Identity.execute.

Recommended Mitigation Steps

Unless there's a valid reason for the SignatureMode.NoSig mode, consider reverting if ecrecover returns the zero address indicating an invalid signature.

Ivshti commented 2 years ago

duplicate of #2

Ivshti commented 2 years ago

resolved in https://github.com/AmbireTech/adex-protocol-eth/commit/08d050676773fcdf7ec1c4eb53d51820b7e42534

GalloDaSballo commented 2 years ago

Agree with the finding: If zero address is added as privilege, then ecrecover will fallback to zero on invalid signature, allowing for potential exploits

Other wardens also reported this finding, with higher severity.

I'll go with low severity on this and the other findings