there is function that is susceptible to signature malleability which allows replay attacks in the contract GovernorCharlie.sol especially in executeTransaction( which could be very dangerous and lead to unwanted results like replay attacks in executing transactions.
A signature should never be included into a signed message hash to check if previous messages have been processed by the contract.
Lines of code
https://github.com/code-423n4/2023-07-amphora/blob/179384321c36b669f48bc0485bbc1f807fba8fac/core/solidity/contracts/governance/GovernorCharlie.sol#L328-L354
Vulnerability details
Impact
there is function that is susceptible to signature malleability which allows replay attacks in the contract
GovernorCharlie.sol
especially inexecuteTransaction(
which could be very dangerous and lead to unwanted results like replay attacks in executing transactions.A signature should never be included into a signed message hash to check if previous messages have been processed by the contract.
Proof of Concept
See reference: https://swcregistry.io/docs/SWC-117
instances : https://github.com/code-423n4/2023-07-amphora/blob/179384321c36b669f48bc0485bbc1f807fba8fac/core/solidity/contracts/governance/GovernorCharlie.sol#L328-L354
as you see signature is included in the signed message hash below.
Tools Used
Manually / VsCode
Recommended Mitigation Steps
Assessed type
Governance