Description\
VaultBitcoinWallet::generateOrder calls _encryptPayload, which never updates the nonce; because the arguments it is given are arbitrary and can be passed again unchanged, orders can be replayed.
Attack Scenario\
UserSeed is not random, so it can be derived again. That seed is then used to encode recoveryData, and every parameter in encodedData can be passed again unchanged. Inside _encryptPayload the same nonce is used every time, so _encryptedOrder can always be replayed. In addition, _offchainPubKeyIndex is not altered anywhere in the flow, which is another reason the transaction can be replayed.
Github username: @SB-Security
Twitter username: SBSecurity_
Submission hash (on-chain): 0x062f40be67b52de94896f2ff5558a062a4cf998b0a315ce87b133edd596db1a7
Severity: medium
Attachments\
Make the nonce incremental, so that each call to _encryptPayload uses a fresh value.
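The replay described in the attack scenario, beside the recommended incremental nonce, as an added Python model (constructed here, not VaultBitcoinWallet's code): derive_seed, encrypt_payload and the two wallet classes are assumptions standing in for the UserSeed derivation, _encryptPayload and generateOrder, with a toy XOR stream cipher in place of the real encryption.

```python
import hashlib

# Constructed model of the reported bug, not VaultBitcoinWallet's code.
def derive_seed(user):
    # UserSeed is deterministic, as the report says: anyone can derive it again.
    return hashlib.sha256(b"user-seed|" + user.encode()).digest()

def encrypt_payload(seed, nonce, payload):
    # Toy XOR stream cipher keyed by (seed, nonce): same inputs give the same
    # ciphertext, and applying it twice decrypts.
    stream = hashlib.sha256(seed + nonce.to_bytes(8, "big")).digest()
    return bytes(b ^ stream[i % 32] for i, b in enumerate(payload))

class VulnerableWallet:
    """Models generateOrder with a nonce that is never updated."""
    NONCE = 0
    def __init__(self):
        self.executed = []
    def generate_order(self, user, payload):
        return (user, encrypt_payload(derive_seed(user), self.NONCE, payload))
    def submit(self, order):
        user, ciphertext = order
        # Nothing marks the order as consumed, so the same bytes execute again.
        self.executed.append(encrypt_payload(derive_seed(user), self.NONCE, ciphertext))
        return True

class HardenedWallet:
    """Same flow with the recommended fix: a per-user incremental nonce."""
    def __init__(self):
        self.executed, self.nonces = [], {}
    def generate_order(self, user, payload):
        nonce = self.nonces.get(user, 0)
        return (user, nonce, encrypt_payload(derive_seed(user), nonce, payload))
    def submit(self, order):
        user, nonce, ciphertext = order
        if nonce != self.nonces.get(user, 0):
            return False  # stale nonce: a replayed order is rejected
        self.nonces[user] = nonce + 1  # consume the nonce before executing
        self.executed.append(encrypt_payload(derive_seed(user), nonce, ciphertext))
        return True

def replay_demo(payload=b"withdraw 1 BTC"):
    """Submit the same order twice to each wallet; returns accept results and counts."""
    vuln, hard = VulnerableWallet(), HardenedWallet()
    order = vuln.generate_order("alice", payload)
    vuln_result = (vuln.submit(order), vuln.submit(order))
    order = hard.generate_order("alice", payload)
    hard_result = (hard.submit(order), hard.submit(order))
    return vuln_result, hard_result, len(vuln.executed), len(hard.executed)
```

replay_demo() returns ((True, True), (True, False), 2, 1): the fixed-nonce wallet executes the identical order twice, the incremental-nonce wallet executes it once and rejects the replay.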