code-423n4 / 2023-01-biconomy-findings

Failed transactions may lead to fund loss via replay attacks #514

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-01-biconomy/blob/main/scw-contracts/contracts/smart-contract-wallet/SmartAccount.sol#L192-L245

Vulnerability details

Impact

Failed transactions inside executeTransaction() will revert and make the nonces[] remain intact. Thus a replay attack with signature arguments is possible.

Proof of Concept

One can make replay attacks with the reverted executeTransaction() function and reproduce this transaction with identical signatures, leading to unexpected fund loss.

https://github.com/code-423n4/2023-01-biconomy/blob/main/scw-contracts/contracts/smart-contract-wallet/SmartAccount.sol#L216

Tools Used

Manual Review

Recommended Mitigation Steps

The failed transactions should also increase the nonce.

c4-judge commented 1 year ago

gzeon-c4 marked the issue as unsatisfactory: Invalid

c4-sponsor commented 1 year ago

livingrockrises marked the issue as sponsor disputed