code-423n4 / 2023-10-brahma-findings


ERC1271 Standard Is Not Followed #63

Closed c4-submissions closed 1 year ago

c4-submissions commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-10-brahma/blob/a6424230052fc47c4215200c19a8eef9b07dfccc/contracts/lib/safe-contracts/contracts/interfaces/ISignatureValidator.sol#L6

Vulnerability details

Impact

As per the EIP-1271 standard, ERC1271_MAGIC_VALUE should be 0x1626ba7e instead of 0x20c13b0b, and the function name should be isValidSignature(bytes32,bytes) instead of isValidSignature(bytes,bytes). Due to this, the signature verifier fallback function returns an unexpected value and never returns ERC1271_MAGIC_VALUE.

Proof of Concept

https://github.com/code-423n4/2023-10-brahma/blob/a6424230052fc47c4215200c19a8eef9b07dfccc/contracts/src/core/ConsoleFallbackHandler.sol#L85
https://github.com/code-423n4/2023-10-brahma/blob/a6424230052fc47c4215200c19a8eef9b07dfccc/contracts/lib/safe-contracts/contracts/interfaces/ISignatureValidator.sol#L19
https://github.com/code-423n4/2023-10-brahma/blob/a6424230052fc47c4215200c19a8eef9b07dfccc/contracts/lib/safe-contracts/contracts/interfaces/ISignatureValidator.sol#L6

Tools Used

Manual review

Recommended Mitigation Steps

Follow EIP-1271 standard

Assessed type

Invalid Validation
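The report above turns on two 4-byte constants. Both are function selectors: EIP-1271 defines its magic value as bytes4(keccak256("isValidSignature(bytes32,bytes)")), and the older Safe ISignatureValidator constant is bytes4(keccak256("isValidSignature(bytes,bytes)")), so a verifier that compares against one will never accept the other. The following is an added example, not code from the Brahma repository or from the issue author: it derives both values from their signatures with a self-contained Keccak-256 (Ethereum's pre-FIPS variant, 0x01 padding byte) and models a strict EIP-1271 caller's check. The function names `selector` and `eip1271_accepts` are this example's own; it does not model the Brahma fallback handler itself, so it says nothing about which overloads that contract exposes.

```python
# Added example: derive the EIP-1271 and legacy Safe magic values from their ABI
# signatures and show how a strict EIP-1271 verifier treats each. Pure Python,
# no third-party packages; keccak256 below is Ethereum's Keccak (suffix 0x01),
# which differs from hashlib.sha3_256 (suffix 0x06).

MASK64 = (1 << 64) - 1


def _rol64(a, n):
    n %= 64
    return ((a << n) | (a >> (64 - n))) & MASK64 if n else a


def _keccak_f1600(lanes):
    # lanes[x][y] is the 64-bit lane at column x, row y; 24 rounds of theta,
    # rho+pi, chi and iota, with the round constants generated by the spec's LFSR.
    R = 1
    for _ in range(24):
        C = [lanes[x][0] ^ lanes[x][1] ^ lanes[x][2] ^ lanes[x][3] ^ lanes[x][4] for x in range(5)]
        D = [C[(x - 1) % 5] ^ _rol64(C[(x + 1) % 5], 1) for x in range(5)]
        lanes = [[lanes[x][y] ^ D[x] for y in range(5)] for x in range(5)]
        x, y = 1, 0
        cur = lanes[x][y]
        for t in range(24):
            x, y = y, (2 * x + 3 * y) % 5
            cur, lanes[x][y] = lanes[x][y], _rol64(cur, (t + 1) * (t + 2) // 2)
        for y in range(5):
            T = [lanes[x][y] for x in range(5)]
            for x in range(5):
                lanes[x][y] = T[x] ^ (~T[(x + 1) % 5] & T[(x + 2) % 5])
        for j in range(7):
            R = ((R << 1) ^ ((R >> 7) * 0x71)) % 256
            if R & 2:
                lanes[0][0] ^= 1 << ((1 << j) - 1)
    return lanes


def _permute(state):
    lanes = [[int.from_bytes(state[8 * (x + 5 * y):8 * (x + 5 * y) + 8], "little")
              for y in range(5)] for x in range(5)]
    lanes = _keccak_f1600(lanes)
    out = bytearray(200)
    for x in range(5):
        for y in range(5):
            out[8 * (x + 5 * y):8 * (x + 5 * y) + 8] = lanes[x][y].to_bytes(8, "little")
    return out


def keccak256(data: bytes) -> bytes:
    rate = 136  # 1088-bit rate, 512-bit capacity
    state = bytearray(200)
    full = len(data) // rate
    for b in range(full):  # absorb every full block
        for i, byte in enumerate(data[b * rate:(b + 1) * rate]):
            state[i] ^= byte
        state = _permute(state)
    tail = data[full * rate:]  # pad10*1 on the final (possibly empty) block
    for i, byte in enumerate(tail):
        state[i] ^= byte
    state[len(tail)] ^= 0x01
    state[rate - 1] ^= 0x80
    state = _permute(state)
    return bytes(state[:32])


def selector(signature: str) -> bytes:
    """First 4 bytes of keccak256 of a canonical ABI signature (hypothetical helper).
    This is both the calldata selector and, for EIP-1271, the value that
    isValidSignature must return on success."""
    return keccak256(signature.encode("ascii"))[:4]


# The two constants named in the report, derived rather than hard-coded.
EIP1271_MAGIC_VALUE = selector("isValidSignature(bytes32,bytes)")  # 0x1626ba7e
LEGACY_MAGIC_VALUE = selector("isValidSignature(bytes,bytes)")     # 0x20c13b0b


def eip1271_accepts(returned: bytes) -> bool:
    """What a strict EIP-1271 verifier (hypothetical caller) does with the bytes4
    a contract returned: anything other than the standard's magic value is a
    rejected signature, including the legacy Safe value."""
    return returned == EIP1271_MAGIC_VALUE


if __name__ == "__main__":
    print("EIP-1271 magic value:", EIP1271_MAGIC_VALUE.hex())
    print("legacy Safe value:   ", LEGACY_MAGIC_VALUE.hex())
    print("legacy value accepted by a strict EIP-1271 caller?", eip1271_accepts(LEGACY_MAGIC_VALUE))
```

The practical check this gives a reviewer: before filing a finding like the one above, call the contract with the bytes32 overload's selector and compare the returned bytes4 to 0x1626ba7e, and separately call the bytes overload and compare to 0x20c13b0b; a handler that answers both selectors correctly is not violating the standard, whereas one that answers only the legacy selector will fail every EIP-1271 consumer.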

c4-pre-sort commented 1 year ago

raymondfam marked the issue as low quality report

c4-pre-sort commented 1 year ago

raymondfam marked the issue as duplicate of #46

c4-judge commented 1 year ago

alex-ppg marked the issue as unsatisfactory: Invalid