search

code-423n4 / 2023-07-lens-findings

0 stars 0 forks source link

Nonces are not used in the signature checks #179

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-07-lens/blob/cdef6ebc6266c44c7068bc1c4c04e12bf0d67ead/contracts/LensHub.sol#L124-L125

Vulnerability details

Impact

A nonce can prevent an old value from being used when a new value exists. Without one, two transactions submitted in one order, can appear in a block in a different order

Transactions on one identity can be replayed on another one.

Proof of Concept

instance: https://github.com/code-423n4/2023-07-lens/blob/cdef6ebc6266c44c7068bc1c4c04e12bf0d67ead/contracts/LensHub.sol#L124-L125

https://github.com/code-423n4/2023-07-lens/blob/cdef6ebc6266c44c7068bc1c4c04e12bf0d67ead/contracts/LensHub.sol#L382-L394

https://github.com/code-423n4/2023-07-lens/blob/cdef6ebc6266c44c7068bc1c4c04e12bf0d67ead/contracts/LensHub.sol#L356-L357

https://github.com/code-423n4/2023-07-lens/blob/cdef6ebc6266c44c7068bc1c4c04e12bf0d67ead/contracts/LensHub.sol#L412-L413

https://github.com/code-423n4/2023-07-lens/blob/cdef6ebc6266c44c7068bc1c4c04e12bf0d67ead/contracts/LensHub.sol#L441-L442

https://github.com/code-423n4/2023-07-lens/blob/cdef6ebc6266c44c7068bc1c4c04e12bf0d67ead/contracts/LensHub.sol#L478-L479

https://github.com/code-423n4/2023-07-lens/blob/cdef6ebc6266c44c7068bc1c4c04e12bf0d67ead/contracts/LensHub.sol#L182-L189

and every other signature validator that has not been implemented. 

 function unfollowWithSig(
        uint256 unfollowerProfileId,
        uint256[] calldata idsOfProfilesToUnfollow,
        Types.EIP712Signature calldata signature
    ) external override whenNotPaused onlyProfileOwnerOrDelegatedExecutor(signature.signer, unfollowerProfileId) {
        MetaTxLib.validateUnfollowSignature(signature, unfollowerProfileId, idsOfProfilesToUnfollow);

        FollowLib.unfollow({
            unfollowerProfileId: unfollowerProfileId,
            idsOfProfilesToUnfollow: idsOfProfilesToUnfollow,
            transactionExecutor: signature.signer
        });
    }

Tools Used

vscode

Recommended Mitigation Steps



## Assessed type

Invalid Validation
141345 commented 1 year ago

invalid

There is nonce in MetaTxLib.sol

c4-pre-sort commented 1 year ago

141345 marked the issue as low quality report

Picodes commented 1 year ago

https://github.com/code-423n4/2023-07-lens/blob/cdef6ebc6266c44c7068bc1c4c04e12bf0d67ead/contracts/libraries/MetaTxLib.sol#L55

c4-judge commented 1 year ago

Picodes marked the issue as unsatisfactory: Invalid