hats-finance / Blast-Futures-Exchange-0x97895c329b950755566ddcdad3395caaea395074


Cross-chain replay attack #66

Open hats-bug-reporter[bot] opened 4 months ago

hats-bug-reporter[bot] commented 4 months ago

Github username: @https://github.com/sekkiat
Twitter username: --
Submission hash (on-chain): 0xd3064ee5c12251e0d59ddb10b495019e1a48387128e208c62db9c67fec83856f
Severity: medium

Description
The signing does not include chainID to prevent cross-chain replay attacks.

Attack Scenario
Replay the attack on a different chain.

Attachments

  1. Proof of Concept (PoC) File
     As you can see, the digest only includes id, trader, and amount, which allows the cross-chain replay attack.

        // Excerpt quoted from the withdrawal verification path (fragment, not a complete contract)
        bytes32 digest = _hashTypedDataV4(keccak256(abi.encode(
            keccak256("withdrawal(uint256 id,address trader,uint256 amount)"),
            id,
            trader,
            amount
        )));
        bool valid = verify(digest, v, r, s);

Remediation

alex-sumner commented 4 months ago

The chain ID is already part of the data that is hashed then signed, see EIP712.sol, the OpenZeppelin contract which we extend. A signature obtained for one blockchain will not be valid on another chain.