Lines of code
https://github.com/code-423n4/2023-06-llama/blob/main/src/LlamaCore.sol#L297
https://github.com/code-423n4/2023-06-llama/blob/main/src/LlamaCore.sol#L388
https://github.com/code-423n4/2023-06-llama/blob/main/src/LlamaCore.sol#L421
Vulnerability details
Impact
There is a potential for signature malleability: a malicious actor can produce two or more signatures that recover the same signer for the same message. The ecrecover function recovers an address from a signature and the hash of the signed message it belongs to. EIP-2098 can be used to modify a used signature, either by placing v in the top of s, which makes the signature one byte shorter, or by flipping s and v for unpacking, and then to carry out a replay attack.
Proof of Concept
https://github.com/code-423n4/2023-06-llama/blob/main/src/LlamaCore.sol#L297
https://github.com/code-423n4/2023-06-llama/blob/main/src/LlamaCore.sol#L388
https://github.com/code-423n4/2023-06-llama/blob/main/src/LlamaCore.sol#L421
Tools Used
Manual Review
Recommended Mitigation Steps
Include a nonce in the message payload, so that a new nonce is used for every signature generated each time the function is called. A nonce can prevent an old value from being used when a new value exists.
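The mitigation above, as an added example (not code from the Llama repository or from this report): a parser that maps the 65-byte and EIP-2098 64-byte encodings to one canonical tuple and rejects the high-s twin, plus a replay guard keyed on signer and nonce rather than on signature bytes. The names `parse_signature`, `to_full`, `to_compact` and `NonceGuard` and the sample values are constructed for illustration, and the signer address is assumed to have been recovered already.

```python
# secp256k1 group order; signatures with s above N // 2 are the malleable "high-s" twin.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HALF_N = N // 2

def parse_signature(sig: bytes):
    """Return canonical (r, s, y_parity) from 65-byte r||s||v or 64-byte EIP-2098 r||vs."""
    if len(sig) == 65:
        r = int.from_bytes(sig[:32], "big")
        s = int.from_bytes(sig[32:64], "big")
        if sig[64] not in (27, 28):
            raise ValueError("v must be 27 or 28")
        y = sig[64] - 27
    elif len(sig) == 64:
        r = int.from_bytes(sig[:32], "big")
        vs = int.from_bytes(sig[32:], "big")
        y, s = vs >> 255, vs & ((1 << 255) - 1)  # parity sits in the top bit of s
    else:
        raise ValueError("signature must be 64 or 65 bytes")
    if not (0 < r < N and 0 < s <= HALF_N):
        raise ValueError("r out of range or non-canonical (high) s")
    return r, s, y

def to_full(r: int, s: int, y: int) -> bytes:
    return r.to_bytes(32, "big") + s.to_bytes(32, "big") + bytes([27 + y])

def to_compact(r: int, s: int, y: int) -> bytes:
    return r.to_bytes(32, "big") + ((y << 255) | s).to_bytes(32, "big")

class NonceGuard:
    """Replay protection keyed on (signer, nonce), so re-encoding a signature gains nothing."""
    def __init__(self):
        self.next_nonce = {}

    def consume(self, signer: str, nonce: int) -> bool:
        if self.next_nonce.get(signer, 0) != nonce:
            return False  # nonce already used, or out of order
        self.next_nonce[signer] = nonce + 1
        return True

if __name__ == "__main__":
    r, s = 0x1111 << 200, 0x2222 << 100  # constructed values, not a real signature
    full, compact = to_full(r, s, 1), to_compact(r, s, 1)
    print(full != compact, parse_signature(full) == parse_signature(compact))
    guard = NonceGuard()
    print(guard.consume("0xSigner", 0), guard.consume("0xSigner", 0))
```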
Assessed type
Other