code-423n4 / 2023-04-frankencoin-findings


Signature malleability for S #950

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-04-frankencoin/blob/main/contracts/ERC20PermitLight.sol#L21

Vulnerability details

Impact

Ethereum contracts often assume that the signature is unique, but signatures can be altered without possession of the private key and still be valid. The EVM specification defines several so-called ‘precompiled’ contracts, one of them being ecrecover, which executes the elliptic curve public key recovery. A malicious user can slightly modify the three values v, r and s to create other valid signatures. A system that performs signature verification at contract level might be susceptible to attacks if the signature is part of the signed message hash. Valid signatures could be created by a malicious user to replay previously signed messages. Resource: https://swcregistry.io/docs/SWC-117

This can lead to users losing funds or other unexpected behaviour.

Proof of Concept

Tools Used

Manual Review

Recommended Mitigation Steps

Use the ECDSA contract from OpenZeppelin or add an additional check for s:

error InvalidS();

// secp256k1 curve order n / 2: any s above this value is the non-canonical (malleable) form.
uint256 constant MALLEABLE_VALUE_S = (0x7fffffffffffffffffffffffffffffff5d576e7357a4501ddfe92f46681b20a0);

// Check for malleable value in s.
if (uint256(s) > MALLEABLE_VALUE_S) {
    revert InvalidS();
}
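The ecrecover behaviour the report describes, as an added example that is not part of the original report or of the Frankencoin code base: a pure-Python model of secp256k1 ECDSA signing and public-key recovery. The names `sign`, `malleate`, `ecrecover`, `ecrecover_strict` and `demo` are chosen here; the key and message are constructed; sha256 stands in for keccak256 and the nonce derivation is a reproducibility shortcut rather than RFC 6979 (none of which changes the malleability argument). It shows that (v, r, s) and (55 - v, r, n - s) both recover to the same signer, and that the low-s check from the mitigation rejects the second form.

```python
"""Added example (not the project's or the report's code): a pure-Python model of
secp256k1 ECDSA sign / ecrecover showing that any valid (v, r, s) has a second
valid twin (v', r, n - s) and that a low-s check rejects it."""
import hashlib

# secp256k1 domain parameters (the curve behind Ethereum's ecrecover precompile).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
HALF_N = N // 2  # equals the MALLEABLE_VALUE_S constant quoted in the report


def _add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None  # p1 == -p2
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P  # doubling
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def _mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = _add(acc, pt)
        pt = _add(pt, pt)
        k >>= 1
    return acc


def sign(priv, msg_hash):
    """ECDSA sign; returns Ethereum-style (v, r, s) with v in {27, 28}.
    Nonce k is derived from sha256(priv || hash) so runs are reproducible;
    this is a simplification for the example, not RFC 6979."""
    z = int.from_bytes(msg_hash, "big") % N
    k = int.from_bytes(hashlib.sha256(priv.to_bytes(32, "big") + msg_hash).digest(), "big") % (N - 1) + 1
    rx, ry = _mul(k, G)
    r = rx % N
    s = pow(k, -1, N) * (z + r * priv) % N
    return 27 + (ry & 1), r, s


def malleate(v, r, s):
    """The second valid signature for the same message, made without the key:
    negate s and flip the recovery id (R becomes -R, whose y parity differs)."""
    return 55 - v, r, N - s


def ecrecover(msg_hash, v, r, s):
    """Model of the precompile: recover the public key, or None if invalid.
    Like the real precompile it accepts both the low-s and the high-s form."""
    if v not in (27, 28) or not (1 <= r < N) or not (1 <= s < N):
        return None
    y_sq = (pow(r, 3, P) + 7) % P
    y = pow(y_sq, (P + 1) // 4, P)  # square root; valid because P % 4 == 3
    if y * y % P != y_sq:
        return None  # r is not the x-coordinate of a curve point
    if (y & 1) != (v - 27):
        y = P - y
    z = int.from_bytes(msg_hash, "big") % N
    r_inv = pow(r, -1, N)
    # Q = r^-1 * (s*R - z*G)
    return _add(_mul(s * r_inv % N, (r, y)), _mul((-z * r_inv) % N, G))


def ecrecover_strict(msg_hash, v, r, s):
    """ecrecover plus the report's check: reject s in the upper half of the order."""
    if s > HALF_N:
        return None
    return ecrecover(msg_hash, v, r, s)


def demo():
    # Constructed key and message for the example; not real key material.
    priv = int.from_bytes(hashlib.sha256(b"constructed example key").digest(), "big") % (N - 1) + 1
    pub = _mul(priv, G)
    msg_hash = hashlib.sha256(b"permit(owner, spender, value, nonce, deadline)").digest()
    v, r, s = sign(priv, msg_hash)
    if s > HALF_N:                   # normalise so the "original" is the low-s form
        v, r, s = malleate(v, r, s)
    v2, r2, s2 = malleate(v, r, s)   # attacker's forged twin of the signature
    return {
        "original_recovers": ecrecover(msg_hash, v, r, s) == pub,
        "forged_recovers": ecrecover(msg_hash, v2, r2, s2) == pub,
        "strict_accepts_original": ecrecover_strict(msg_hash, v, r, s) == pub,
        "strict_rejects_forged": ecrecover_strict(msg_hash, v2, r2, s2) is None,
        "signatures_differ": (v, r, s) != (v2, r2, s2),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Run it directly to print the five checks. The twin signature only matters when a contract treats the signature bytes themselves as unique, for instance as a replay key, which is the condition the Impact paragraph above names; a contract whose replay protection is a nonce that the signature does not cover is unaffected by the second form, which is why the strict variant is a hardening rather than a fix for every design.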
c4-pre-sort commented 1 year ago

0xA5DF marked the issue as low quality report

0xA5DF commented 1 year ago

Known issue, was reported in a previous audit and the project explains well why it's not an issue

c4-pre-sort commented 1 year ago

0xA5DF marked the issue as primary issue

luziusmeisser commented 1 year ago

> Known issue, was reported in a previous audit and the project explains well why it's not an issue

Exactly. This issue is out of scope for this audit.

c4-judge commented 1 year ago

hansfriese marked the issue as unsatisfactory: Out of scope