Open code423n4 opened 1 year ago
trust1995 marked the issue as duplicate of #143
trust1995 marked the issue as satisfactory
Dup of Low-2: https://github.com/code-423n4/2022-12-backed-findings/issues/268 but as always will advise with judges decision
trust1995 changed the severity to QA (Quality Assurance)
The issue is pretty straight forward which does not require much of the explanations. I am not sure why it is not qualified as medium one. I saw this kind of issues are treated as medium rather than QA. By marking this as QA, are we not taking attention to the issues that could cause considerable impact to the protocol in the long run.
Quality is not high enough and impact is not sufficient considering hypotheticals, for Med.
trust1995 marked the issue as grade-b
Hey guys, I think this was a dup to other ones: since we are using oracle messages we do not care about replay attacks
Lines of code
https://github.com/with-backed/papr/blob/9528f2711ff0c1522076b9f93fba13f88d5bd5e6/src/ReservoirOracleUnderwriter.sol#L64-L117
Vulnerability details
Impact
Same signature can be used in other chains if the project is launched in other chains. Signature replay attack.
Proof of Concept
https://github.com/with-backed/papr/blob/9528f2711ff0c1522076b9f93fba13f88d5bd5e6/src/ReservoirOracleUnderwriter.sol#L64-L117
nonce and chain id are not used. As per EIP 712 recommendation, they need to be included in the signature based transaction.
Tools Used
Manual review
Recommended Mitigation Steps
Follow EIP 712 standards. include domain separator. include nonce inlcude chain id.