code-423n4 / 2022-07-axelar-findings


Direct usage of ecrecover allows signature malleability #229

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-07-axelar/blob/main/xc20/contracts/ERC20Permit.sol#L57

Vulnerability details

Impact

The permit function of ERC20Permit calls the Solidity ecrecover function directly to verify the given signatures. However, the ecrecover EVM opcode allows malleable (non-unique) signatures and thus is susceptible to replay attacks. This can lead to permit on behalf of a user.

Although a replay attack seems not possible here since the nonce is increased each time, ensuring the signatures are not malleable is considered a best practice (and so is checking _signer != address(0), where address(0) means an invalid signature).

Proof of Concept

https://swcregistry.io/docs/SWC-117

https://swcregistry.io/docs/SWC-121

Tools Used

Code Review

Recommended Mitigation Steps

Use the recover function from OpenZeppelin's ECDSA library for signature verification.
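The two checks the mitigation above relies on (rejecting the high-s form of a signature and treating address(0) as an invalid signer), written out in plain Solidity as an added example. This is neither the project's code nor OpenZeppelin's library itself; the library and function names are hypothetical, and the half-order constant is the one OpenZeppelin's ECDSA library uses.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example (hypothetical names): the checks OpenZeppelin's
// ECDSA.recover performs before trusting the ecrecover result.
library SafeRecover {
    // secp256k1 curve order divided by two. Any s above this value is the
    // "high-s" mirror of a valid signature and is rejected so that each
    // message has exactly one accepted (r, s, v) encoding.
    uint256 private constant HALF_N =
        0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0;

    // Vulnerable form, as in the finding: the raw precompile result is
    // trusted. It accepts both encodings of the same signature and returns
    // address(0) for an unparseable one instead of reverting.
    function recoverUnchecked(bytes32 digest, uint8 v, bytes32 r, bytes32 s)
        internal pure returns (address)
    {
        return ecrecover(digest, v, r, s);
    }

    // Hardened form: reject high-s, reject v outside {27, 28}, and refuse
    // to return address(0) as a signer.
    function recoverChecked(bytes32 digest, uint8 v, bytes32 r, bytes32 s)
        internal pure returns (address signer)
    {
        require(uint256(s) <= HALF_N, "ECDSA: invalid signature 's' value");
        require(v == 27 || v == 28, "ECDSA: invalid signature 'v' value");
        signer = ecrecover(digest, v, r, s);
        require(signer != address(0), "ECDSA: invalid signature");
    }
}
```

In a permit implementation, the caller of recoverChecked should still compare the returned signer to the owner parameter and consume the nonce, as the finding notes; the library only makes the recovered address trustworthy.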

GalloDaSballo commented 2 years ago

Anti-malleability check: https://github.com/code-423n4/2022-07-axelar/blob/9c4c44b94cddbd48b9baae30051a4e13cbe39539/xc20/contracts/ERC20Permit.sol#L45

Address-zero check: https://github.com/code-423n4/2022-07-axelar/blob/9c4c44b94cddbd48b9baae30051a4e13cbe39539/xc20/contracts/ERC20Permit.sol#L62

GalloDaSballo commented 2 years ago

Disputed per the comment above