code-423n4 / 2022-01-openleverage-findings


Use of ecrecover is susceptible to signature malleability #226

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

defsec

Vulnerability details

Impact

The ecrecover function is used in permit() to recover the address from the signature. The built-in EVM precompile ecrecover is susceptible to signature malleability which could lead to replay attacks (references: https://swcregistry.io/docs/SWC-117, https://swcregistry.io/docs/SWC-121 and https://medium.com/cryptronics/signature-replay-vulnerabilities-in-smart-contracts-3b6f7596df57).

Proof of Concept

https://github.com/code-423n4/2022-01-openleverage/blob/main/openleverage-contracts/contracts/XOLE.sol#L377

Tools Used

None

Recommended Mitigation Steps

Consider using OpenZeppelin’s ECDSA library (which prevents this malleability) instead of the built-in function.

0xleastwood commented 2 years ago

The warden has not shown how this function is prone to signature malleability. The digest used seems to utilise a nonce, chainId and address(this). Seems pretty safe to me.
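The following is an added illustration of both points in this thread, the warden's malleability claim and the judge's nonce argument; it is example code written for this page, not code from the finding, from OpenZeppelin, or from the OpenLeverage XOLE contract. It implements secp256k1 ECDSA signing and ecrecover-style recovery in pure Python, shows that `(r, s, v)` and `(r, n - s, v')` both recover the same key, shows the low-s rule that OpenZeppelin's ECDSA library enforces, and then runs both signatures through a toy `permit()` whose digest binds a nonce, chain id and contract address. Assumptions: the `PermitVerifier` class, its `digest` layout, the private key and the `"0xXOLE"` contract label are constructed for the demo; sha256 stands in for keccak256 and signers are identified by public-key point rather than Ethereum address, because Keccak is not in the Python standard library.

```python
# Added example (not OpenLeverage or OpenZeppelin code): pure-Python secp256k1
# ECDSA showing ecrecover signature malleability, the low-s check that rejects
# the second form, and why a nonce in the digest stops the malleated copy from
# replaying. sha256 and public-key points stand in for keccak256 and addresses.
import hashlib
import hmac

P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
HALF_N = N // 2  # equals OpenZeppelin's 0x7FFF...5D576E7357A4501DDFE92F46681B20A0


def _add(p1, p2):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def _mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = _add(acc, pt)
        pt = _add(pt, pt)
        k >>= 1
    return acc


def sign(priv, z):
    """Return (v, r, s). k is an HMAC of key and hash: deterministic for the
    demo, but this is not RFC 6979 and not what a real wallet does."""
    k = int.from_bytes(hmac.new(priv.to_bytes(32, "big"), z.to_bytes(32, "big"),
                                "sha256").digest(), "big") % N
    rx, ry = _mul(k, G)
    assert rx < N  # the r >= N overflow case (v = 29/30) is ignored here
    s = pow(k, -1, N) * (z + rx * priv) % N
    return (27 + (ry & 1), rx, s)


def ecrecover(z, v, r, s):
    """Mirror of the EVM precompile: returns the public key or None.
    Like the precompile, it accepts BOTH s and N - s for the same message."""
    if v not in (27, 28) or not 1 <= r < N or not 1 <= s < N:
        return None
    y2 = (pow(r, 3, P) + 7) % P
    y = pow(y2, (P + 1) // 4, P)  # P % 4 == 3, so this is a modular square root
    if y * y % P != y2:
        return None
    if (y & 1) != v - 27:
        y = P - y
    # Q = r^-1 * (s*R - z*G)
    return _mul(pow(r, -1, N), _add(_mul(s, (r, y)), _mul(N - z % N, G)))


def malleate(v, r, s):
    """Second valid signature for the same message: negate s, flip v."""
    return (55 - v, r, N - s)


def recover_strict(z, v, r, s):
    """What OpenZeppelin ECDSA.recover enforces: reject high-s signatures."""
    if s > HALF_N:
        return None
    return ecrecover(z, v, r, s)


class PermitVerifier:
    """Constructed toy permit(): the digest binds nonce, chainId and contract
    address, and a successful call consumes the nonce (owner keyed by pubkey)."""

    def __init__(self, chain_id, contract):
        self.chain_id, self.contract, self.nonces = chain_id, contract, {}

    def digest(self, owner, spender, value, nonce):
        msg = f"{self.chain_id}|{self.contract}|{owner}|{spender}|{value}|{nonce}"
        return int.from_bytes(hashlib.sha256(msg.encode()).digest(), "big")

    def permit(self, owner, spender, value, v, r, s):
        nonce = self.nonces.get(owner, 0)
        if ecrecover(self.digest(owner, spender, value, nonce), v, r, s) != owner:
            return False
        self.nonces[owner] = nonce + 1
        return True


def demo():
    priv = 0x1234567890ABCDEF1234567890ABCDEF1234567890ABCDEF1234567890ABCDEF  # constructed
    owner = _mul(priv, G)
    pv = PermitVerifier(chain_id=1, contract="0xXOLE")  # constructed labels
    z = pv.digest(owner, "spender", 100, 0)
    sig = sign(priv, z)
    sig2 = malleate(*sig)
    return {
        "both_recover": ecrecover(z, *sig) == owner and ecrecover(z, *sig2) == owner,
        "strict_accepts_one": (recover_strict(z, *sig) == owner) != (recover_strict(z, *sig2) == owner),
        "first_permit": pv.permit(owner, "spender", 100, *sig),
        "replay_with_malleated": pv.permit(owner, "spender", 100, *sig2),
    }
```

`demo()` returns `both_recover` and `strict_accepts_one` as true, which is the malleability the warden describes and the fix the recommendation refers to; it also returns `first_permit` true and `replay_with_malleated` false, which is the judge's point: once the first `permit()` consumes the nonce, the digest for the next call changes and the malleated signature no longer recovers the owner, so malleability alone does not give a replay here. The low-s check is still worth having wherever a signature itself is used as a unique identifier (for example stored or hashed as a key).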