hats-finance / SeeR-PM-0x899bc13919880db76edf4ccd72bdfa5dfa666fb7


Claim modifier will be bypassed once EIP3074 is merged #39

Open hats-bug-reporter[bot] opened 2 hours ago

hats-bug-reporter[bot] commented 2 hours ago

Github username: --
Twitter username: --
Submission hash (on-chain): 0x8b1053fb1491dcd9caa23e1590ec9ccbdd1595ec967fb3442441a1f2ed7ee34c
Severity: medium

Description:
SavingsXDaiAdapter has a claim modifier that allows only EOAs to claim interest, but this will be bypassed once EIP3074 is used. It will break the invariant and will allow contracts to claim the interest.

Attack Scenario:
Read more here: https://eips.ethereum.org/EIPS/eip-3074#allowing-txorigin-as-signer

Attachments

  1. Proof of Concept (PoC) File

     AUTH allows for signatures to be signed by tx.origin. For any such signatures, subsequent AUTHCALLs have msg.sender == tx.origin in their first layer of execution. Without EIP-3074, this situation can only ever arise in the topmost execution layer of a transaction. This EIP breaks that invariant and so affects smart contracts containing require(msg.sender == tx.origin) checks.

  2. Revised Code File (Optional)

     use account.code.length != 0
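A toy model of the invariant quoted in the PoC above, added here as an illustration; it is not part of the report or of the SeeR code base. It assumes the claim modifier is the `require(msg.sender == tx.origin)` check the report names, and all addresses and helper names are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Frame:
    origin: str   # tx.origin: the EOA that signed the transaction
    sender: str   # msg.sender as seen by the code running in this frame
    callee: str   # account whose code runs in this frame
    depth: int    # 0 = topmost execution layer of the transaction

def transaction(eoa, to):
    # Topmost layer: the signer is both tx.origin and msg.sender.
    return Frame(origin=eoa, sender=eoa, callee=to, depth=0)

def call(frame, to):
    # Ordinary CALL: the callee sees the calling contract as msg.sender.
    return Frame(frame.origin, frame.callee, to, frame.depth + 1)

def authcall(frame, authorized, to):
    # AUTHCALL after a successful AUTH: the callee sees the account that
    # signed the AUTH message as msg.sender (modelled from the EIP text).
    return Frame(frame.origin, authorized, to, frame.depth + 1)

def claim_allowed(frame):
    # Assumed form of the modifier: require(msg.sender == tx.origin)
    return frame.sender == frame.origin

# Constructed placeholder accounts, not real addresses.
EOA, WRAPPER, INVOKER, ADAPTER = "0xEOA", "0xWrapper", "0xInvoker", "0xAdapter"

def scenarios():
    return {
        # EOA calls the adapter directly.
        "direct": transaction(EOA, ADAPTER),
        # EOA calls a contract, which CALLs the adapter.
        "via_contract": call(transaction(EOA, WRAPPER), ADAPTER),
        # EOA calls an invoker, which AUTHCALLs the adapter with an
        # AUTH signature produced by tx.origin.
        "via_invoker": authcall(transaction(EOA, INVOKER), EOA, ADAPTER),
    }

def summarize():
    # name -> (check passes, depth at which the adapter code runs)
    return {n: (claim_allowed(f), f.depth) for n, f in scenarios().items()}

if __name__ == "__main__":
    for name, (ok, depth) in summarize().items():
        print(f"{name:13s} check_passes={ok} adapter_depth={depth}")
```

In the `via_invoker` row the check passes at depth 1, so a passing check no longer shows that the adapter was entered from the topmost layer with no contract code in the call path.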

blckhv commented 2 hours ago

Code location: https://github.com/hats-finance/SeeR-PM-0x899bc13919880db76edf4ccd72bdfa5dfa666fb7/blob/6e5db716e44e251fcee6abd7c1f6a8d6e36db910/contracts/src/interaction/sDAI-on-Gnosis/periphery/SavingsXDaiAdapter.sol#L24