Detailed description of the impact of this finding.
voteHash = keccak256(abi.encode(VOTE_TYPEHASH, from, pieceIds, nonces[from]++, deadline));
here we are using nonces[from]++ for calculating voteHash but different from address can have the same
nonces[from]++ ,therefore creating the same votehash.
Proof of Concept
Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept.
Lines of code
https://github.com/code-423n4/2023-12-revolutionprotocol/blob/main/packages/revolution/src/CultureIndex.sol#L431
Vulnerability details
Impact
Detailed description of the impact of this finding. voteHash = keccak256(abi.encode(VOTE_TYPEHASH, from, pieceIds, nonces[from]++, deadline)); here we are using nonces[from]++ for calculating voteHash but different from address can have the same nonces[from]++ ,therefore creating the same votehash.
Proof of Concept
Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept.
function _verifyVoteSignature( address from, uint256[] calldata pieceIds, uint256 deadline, uint8 v, bytes32 r, bytes32 s ) internal returns (bool success) { require(deadline >= block.timestamp, "Signature expired");
Tools Used
Manual Analysis
Recommended Mitigation Steps
Assessed type
Invalid Validation