search

code-423n4 / 2023-01-biconomy-findings

7 stars 9 forks source link

`validatePaymasterUserOp` allows for signature malleability #408

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-01-biconomy/blob/main/scw-contracts/contracts/smart-contract-wallet/paymasters/verifying/singleton/VerifyingSingletonPaymaster.sol#L107

Vulnerability details

Impact

The validatePaymasterUserOp allows for both 64 and 65 sig lengths:

require(sigLength == 64 || sigLength == 65, "VerifyingPaymaster: invalid signature length in paymasterAndData");

This might result in signature malleability depending on which ECDSA version is used.

Proof of Concept

As already above described, the validatePaymasterUserOp function lays the first step for potential signature malleability due to it accepting a length of 64 as well. Depending on the used version of ECDSA.sol this will result in a potential vulnerability. We are aware that the deployment will most probably automatically use the fixed ECDSA.sol contract, however, if this codebase is ever forked with an older ECDSA.sol version, the vulnerability will occur, while this could be easily fixed. Hence the medium risk rating.

Tools Used

VSCode

Recommended Mitigation Steps

Consider limiting the sigLength acceptance to 65 in order to prevent potential signature malleabilities.

c4-judge commented 1 year ago

gzeon-c4 marked the issue as duplicate of #453

c4-sponsor commented 1 year ago

livingrockrises marked the issue as sponsor confirmed

c4-judge commented 1 year ago

gzeon-c4 marked the issue as unsatisfactory: Invalid