Open c4-bot-7 opened 7 months ago
141345 marked the issue as duplicate of #179
141345 marked the issue as duplicate of #239
0xean changed the severity to 2 (Med Risk)
0xean marked the issue as satisfactory
Hi @0xean , while #239 only points out EIP712 compliant problem, however #162 describes a serious signature replay attack, the root cause of #162 is lack of signature replay attack resistance instead of EIP712 compliance. I think it should not be marked as the dup of #239. Since user could have chance to fulfill all rental orders owning the same metadata and acquire rental earnings by simply replaying signature, it should be marked as High Severity.
Some other issues also describe this signature replay attack as well:
@0xean yeah I agree also issue #370 describes a signature replay attack that is different from #239 as described by the @piken
141345 marked the issue as not a duplicate
141345 marked the issue as primary issue
141345 marked the issue as sufficient quality report
0xean marked the issue as selected for report
@Alec1017 - this batch of issues has been removed as a duplicate of #239 so would be good for you to review prior to finalizing.
Lines of code
https://github.com/re-nft/smart-contracts/blob/3ddd32455a849c3c6dc3c3aad7a33a6c9b44c291/src/policies/Create.sol#L760-L763
Vulnerability details
Impact
A malicious user could potentially fulfill all
PAY
orders that own the same value ofzonehash
Proof of Concept
The rental process in
reNFT
can simply be described as follows:lender
create eitherBASE
orPAY
order, which includes azoneHash
.renter
fulfills the rental order by providing certain items, includingfulfiller
,payload
(a structured data ofRentPayload
), and its corresponding signature.Create#validateOrder()
will be executed to verify if the rental order is valid:payload
and itssignature
fromzoneParams.extraData
payload.expiration
andblock.timestamp
payload
and itssignature
and check if the signer is protocol signerzonehash
is equal to the derived hash ofpayload.metadata
Let's take a look at
RentPayload
and its referenced structures:By observing all items in
Rentpayload
, it's obvious that there is no way to verify whether the signature of apayload
has been used or not. The signature verification can always be passed as long as it has not expired.If multiple
PAY
rental orders own the samemetadata
, a user could potentially utilize theirpayload
and unexpiredsignature
to fulfill all these rental orders and acquire rental earnings. SinceOrderMetadata
structure is very simple, the chance that two different orders own samemetadata
could be high.Update testcase
test_stopRentBatch_payOrders_allDifferentLenders()
inStopRentBatch.t.sol
with below codes and runforge test --match-test test_stopRentBatch_payOrders_allDifferentLenders
:You may find out that all
extraData
are same although the rental orders are created by different lenders.Tools Used
Manual review
Recommended Mitigation Steps
Introduces a field into
RentPayload
to ensure everypayload
unique. It is feasible usingorderHash
of the rental order:Assessed type
Other