Closed code423n4 closed 1 year ago
warden should re-review https://eips.ethereum.org/EIPS/eip-1271
and also note the reference implementation
function callERC1271isValidSignature(
address _addr,
bytes32 _hash,
bytes calldata _signature
) external view {
bytes4 result = IERC1271Wallet(_addr).isValidSignature(_hash, _signature);
require(result == 0x1626ba7e, "INVALID_SIGNATURE");
}
0xean marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2023-03-aragon/blob/main/packages/contracts/src/core/dao/DAO.sol#L247-L258
Vulnerability details
Impact
An unexpected return value from the EIP1271 signature verification can lead to authorization for unwanted operations in external protocols.
Proof of Concept
As shown in the EIP1271 standard specification, when a signature is not valid, the returned magic value is
0xffffffff
:In the DAO contract, a signatureValidator smart contract is responsible for determining the validity of a given signature. However, when signatureValidator is not set, the signature is considered invalid, and a magic number of 0x00000000 is returned instead of the one from the standard:
Consider the case where an external protocol that has to validate a given signature performs the following check:
In the above case, if the externally passed
from
address is the address of the DAO and there is nosignatureValidator
set, the returned magic value will be 0x00000000 while it is expected to be 0xffffffff. This will break the signature verification mechanism and allow execution of any arbitrary operation in the external contract, possibly leading to stolen funds or just unexpected authorization of arbitrary operations.Tools Used
Manual review
Recommended Mitigation Steps
Return the correct 'invalid magic number' when
signatureValidator
is not set: