Lines of code
https://github.com/code-423n4/2023-04-caviar/blob/main/src/PrivatePool.sol#L661-#L687
Vulnerability details
Impact
Merkle trees have been found to be vulnerable to cross-chain replay attacks. These attacks occur when an attacker replays transactions from one blockchain onto another blockchain that has a similar Merkle tree implementation, thereby tricking the victim into accepting forged data as legitimate.
The vulnerability arises because Merkle trees are often constructed in a universal way that can be reused across multiple blockchains. This approach, while increasing efficiency, can also create security risks.
Proof of Concept
If there is a fork, an attacker can monitor the blockchain for calls to the protocol's functions, then make the same call with the same arguments on the other chain, which will send funds to the unsupported address.
Tools Used
Manual Review
Recommended Mitigation Steps
Enforce chain-specific signature schemes to prevent cross-chain replay attacks. Add a mechanism that allows tokens to be transferred to a different address using the permit function from EIP-2612.
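The following Python script is an added illustration of both the proof of concept and the mitigation above; it is not code from the Caviar repository or from PrivatePool.sol. It models a fork scenario: the contract state (the stored Merkle root) is copied verbatim onto the forked chain, and an attacker replays the same claim arguments there. When leaves are hashed without a chain identifier, the replayed proof verifies on both chains; when each leaf is domain-bound to the chain id the verifier observes (the equivalent of mixing block.chainid into the leaf or into an EIP-712 domain separator), the replayed proof is rejected on the fork. Assumptions: sha256 stands in for keccak256, the chain ids 1 and 31337 and the claim payloads are constructed sample values, and the sorted-pair node hashing mirrors the common OpenZeppelin MerkleProof convention rather than any specific protocol.

```python
import hashlib

MAINNET_CHAIN_ID = 1       # constructed sample value
FORK_CHAIN_ID = 31337      # constructed sample value for the forked chain


def h(data: bytes) -> bytes:
    # sha256 stands in for keccak256 (assumption; EVM code would use keccak256)
    return hashlib.sha256(data).digest()


def unbound_leaf(payload: bytes) -> bytes:
    # Leaf as described in the report: identical on every chain.
    return h(b"\x00" + payload)


def bound_leaf(chain_id: int, payload: bytes) -> bytes:
    # Mitigated leaf: the chain id is part of the hashed preimage, so the same
    # payload produces a different leaf on every chain.
    return h(b"\x00" + chain_id.to_bytes(32, "big") + payload)


def node_hash(left: bytes, right: bytes) -> bytes:
    # Commutative (sorted-pair) hashing, as in OpenZeppelin's MerkleProof.
    a, b = sorted((left, right))
    return h(b"\x01" + a + b)


def build_tree(leaves: list[bytes]) -> list[list[bytes]]:
    """Return all levels, levels[0] = leaves, levels[-1] = [root].
    Odd levels are padded by duplicating their last node."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2 == 1:
            cur = cur + [cur[-1]]
        levels.append([node_hash(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels


def merkle_proof(levels: list[list[bytes]], index: int) -> list[bytes]:
    """Sibling path for the leaf at `index`, using the same padding as build_tree."""
    proof = []
    for level in levels[:-1]:
        if len(level) % 2 == 1:
            level = level + [level[-1]]
        proof.append(level[index ^ 1])
        index //= 2
    return proof


def verify(root: bytes, leaf: bytes, proof: list[bytes]) -> bool:
    node = leaf
    for sibling in proof:
        node = node_hash(node, sibling)
    return node == root


def unbound_verifier(stored_root: bytes, payload: bytes, proof: list[bytes]) -> bool:
    # Vulnerable on-chain check: the leaf does not depend on which chain runs it.
    return verify(stored_root, unbound_leaf(payload), proof)


def bound_verifier(chain_id: int, stored_root: bytes, payload: bytes, proof: list[bytes]) -> bool:
    # Mitigated on-chain check: the verifier rebuilds the leaf with *its own*
    # chain id, so a proof built for another chain cannot match its root.
    return verify(stored_root, bound_leaf(chain_id, payload), proof)


def replay_scenario() -> dict:
    # Constructed sample claims that the protocol committed to before the fork.
    claims = [b"alice:100", b"bob:250", b"carol:75"]
    victim = 1  # replay the claim at index 1

    # Case 1: universal leaves. The fork copies the stored root unchanged.
    unbound_levels = build_tree([unbound_leaf(c) for c in claims])
    unbound_root = unbound_levels[-1][0]
    unbound_proof = merkle_proof(unbound_levels, victim)

    # Case 2: chain-bound leaves, committed on mainnet; fork copies this root too.
    bound_levels = build_tree([bound_leaf(MAINNET_CHAIN_ID, c) for c in claims])
    bound_root = bound_levels[-1][0]
    bound_proof = merkle_proof(bound_levels, victim)

    return {
        # Same arguments replayed on the fork succeed: this is the reported issue.
        "unbound_mainnet": unbound_verifier(unbound_root, claims[victim], unbound_proof),
        "unbound_fork": unbound_verifier(unbound_root, claims[victim], unbound_proof),
        # With chain-bound leaves the replay fails on the fork.
        "bound_mainnet": bound_verifier(MAINNET_CHAIN_ID, bound_root, claims[victim], bound_proof),
        "bound_fork": bound_verifier(FORK_CHAIN_ID, bound_root, claims[victim], bound_proof),
        # A tampered payload fails everywhere, as any Merkle proof should.
        "bound_tampered": bound_verifier(MAINNET_CHAIN_ID, bound_root, b"bob:999", bound_proof),
    }


if __name__ == "__main__":
    for name, accepted in replay_scenario().items():
        print(f"{name:16s} accepted={accepted}")
```

The design point is that the stored root is deliberately identical on both chains, which is exactly what a fork produces; binding the leaf (or the signed message's domain separator) to the chain id the contract reads at verification time is what breaks the replay, not changing the root. The same reasoning applies to signature-based flows: an EIP-712 domain that includes the chain id makes a signature produced for one chain fail recovery on the other.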