Cross-chain replay is possible because there is no chain ID in the signed data
Lines of code
https://github.com/code-423n4/2024-01-decent/blob/07ef78215e3d246d47a410651906287c6acec3ef/src/UTBFeeCollector.sol#L44-L63
Vulnerability details
Impact
Cross-chain replay is possible because there is no chain ID in the signed data. In the contract UTBFeeCollector.sol, the function collectFees is vulnerable to a cross-chain signature replay attack because the signed data does not include the chainId.
so what it creates is it makes
Proof of Concept
Tools Used
vscode
Recommended Mitigation Steps
Include the chainId value in the signed data.
Assessed type
Other
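
The recommended mitigation, sketched as an added Solidity example (not code from UTBFeeCollector.sol or the Decent project): the digest binds block.chainid and the verifying contract's address, so a signature issued for one deployment does not recover to the signer on another chain. The contract name, function names, parameter names and the EIP-191 message prefix are assumptions for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Illustrative contract (hypothetical name), added for this write-up.
contract ChainBoundFeeVerifier {
    // Off-chain key that authorises fee payloads.
    address public immutable signer;

    constructor(address _signer) {
        require(_signer != address(0), "zero signer");
        signer = _signer;
    }

    /// Weak form: the digest depends only on the payload, so it is
    /// byte-for-byte identical on every chain where this signer is used.
    function unboundDigest(bytes memory packedInfo) public pure returns (bytes32) {
        return keccak256(
            abi.encodePacked("\x19Ethereum Signed Message:\n32", keccak256(packedInfo))
        );
    }

    /// Hardened form: chain ID and this contract's address are part of
    /// the signed data, so the digest differs per chain and per deployment.
    function boundDigest(bytes memory packedInfo) public view returns (bytes32) {
        bytes32 inner = keccak256(
            abi.encode(block.chainid, address(this), keccak256(packedInfo))
        );
        return keccak256(
            abi.encodePacked("\x19Ethereum Signed Message:\n32", inner)
        );
    }

    /// Returns true only if the signature was produced over the
    /// chain-bound digest by the configured signer.
    function verify(
        bytes memory packedInfo,
        uint8 v,
        bytes32 r,
        bytes32 s
    ) public view returns (bool) {
        address recovered = ecrecover(boundDigest(packedInfo), v, r, s);
        // ecrecover returns address(0) on malformed input; never accept it.
        return recovered != address(0) && recovered == signer;
    }
}
```

The off-chain signer has to build the same chain-bound digest, using the target chain's ID and the deployed contract address, before signing.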