Lack of checks on the V, R & S signature values allow for signature malleability.
Proof of Concept
A user (the token holder) generates a valid permit signature for a specific message that permits
the mintWithPermit function to execute a token minting operation on their behalf.
The user submits the transaction to the contract with the valid permit signature.
However, an attacker intercepts this transaction before it gets included in a block.
The attacker modifies the signature in such a way that the new signature is different from the original,
but it is still considered valid for the same message.
The attacker resubmits the transaction with the modified signature to the contract.
If the receiving contract does not properly validate the signatures,
it might mistakenly treat the modified signature as a valid permit and proceed with the minting operation.
Lines of code
https://github.com/code-423n4/2023-07-moonwell/blob/fced18035107a345c31c9a9497d0da09105df4df/src/core/MErc20Delegator.sol#L97
Vulnerability details
Impact
Lack of checks on the V, R & S signature values allow for signature malleability.
Proof of Concept
A user (the token holder) generates a valid permit signature for a specific message that permits the mintWithPermit function to execute a token minting operation on their behalf.
The user submits the transaction to the contract with the valid permit signature.
However, an attacker intercepts this transaction before it gets included in a block. The attacker modifies the signature in such a way that the new signature is different from the original, but it is still considered valid for the same message.
The attacker resubmits the transaction with the modified signature to the contract.
If the receiving contract does not properly validate the signatures, it might mistakenly treat the modified signature as a valid permit and proceed with the minting operation.
Tools Used
Manual Review
Recommended Mitigation Steps
https://eips.ethereum.org/EIPS/eip-2612
According to the EIP-2612 standard, the signature parameters v, r, and s should be checked
Assessed type
Invalid Validation