c4-judge
commented
1 year ago trust1995 marked the issue as duplicate of #143
Open code423n4 opened 1 year ago
c4-judge
commented
1 year ago trust1995 marked the issue as duplicate of #143
c4-judge
commented
1 year ago trust1995 marked the issue as satisfactory
iFrostizz
commented
1 year ago Dup of Low-2: https://github.com/code-423n4/2022-12-backed-findings/issues/268 but as always will advise with judges decision
c4-judge
commented
1 year ago trust1995 changed the severity to QA (Quality Assurance)
aktech297
commented
1 year ago The issue is pretty straight forward which does not require much of the explanations. I am not sure why it is not qualified as medium one. I saw this kind of issues are treated as medium rather than QA. By marking this as QA, are we not taking attention to the issues that could cause considerable impact to the protocol in the long run.
trust1995
commented
1 year ago Quality is not high enough and impact is not sufficient considering hypotheticals, for Med.
c4-judge
commented
1 year ago trust1995 marked the issue as grade-b
wilsoncusack
commented
1 year ago Hey guys, I think this was a dup to other ones: since we are using oracle messages we do not care about replay attacks
Lines of code
https://github.com/with-backed/papr/blob/9528f2711ff0c1522076b9f93fba13f88d5bd5e6/src/ReservoirOracleUnderwriter.sol#L64-L117
Vulnerability details
Impact
Same signature can be used in other chains if the project is launched in other chains. Signature replay attack.
Proof of Concept
https://github.com/with-backed/papr/blob/9528f2711ff0c1522076b9f93fba13f88d5bd5e6/src/ReservoirOracleUnderwriter.sol#L64-L117
nonce and chain id are not used. As per EIP 712 recommendation, they need to be included in the signature based transaction.
Tools Used
Manual review
Recommended Mitigation Steps
Follow EIP 712 standards. include domain separator. include nonce inlcude chain id.