hats-finance / illuminex-0x0bb4aa1f58719707405c231fcdf0b405714799cf


Potential Replay Attack on `_setWitnessPublicKeys` #28

Open hats-bug-reporter[bot] opened 5 days ago

hats-bug-reporter[bot] commented 5 days ago

Github username: --
Twitter username: GitTopStar
Submission hash (on-chain): 0xe641fe61007e4b4bbbaa3d7d37fadd1cebd4493b36199e136649c891bb882653
Severity: medium

Description:

The `_setWitnessPublicKeys` function in the `TEERollup` contract is vulnerable to replay attacks. Specifically, the function allows updating the witness public keys without any replay protection. This means that an attacker could potentially reuse old transactions to manipulate the witness set, which could compromise the security and integrity of the contract.

Attachments

  1. Proof of Concept (PoC) File

```solidity
// Proof of Concept: Replay Attack

// Assume these witness public keys have been previously activated
// (array must be allocated with a length before it is indexed)
TEERollup.WitnessActivation[] memory witnesses = new TEERollup.WitnessActivation[](2);
witnesses[0] = TEERollup.WitnessActivation({publicKey: "0x123", isActive: true});
witnesses[1] = TEERollup.WitnessActivation({publicKey: "0x456", isActive: true});

// Initial setting of witness public keys
teerollup._setWitnessPublicKeys(witnesses);

// Replaying the same transaction to simulate a replay attack
teerollup._setWitnessPublicKeys(witnesses);
```


**Recommendation to fix**

Implement nonce or timestamp checks to ensure that old transactions cannot be replayed. By incorporating a timestamp or nonce, the contract can reject outdated or previously executed transactions, thereby mitigating the risk of replay attacks.
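
The nonce check recommended above, as an added Solidity illustration written for this page (not code from the illuminex/TEERollup repository): a contract-level nonce is consumed on every witness-set update, so an identical second submission reverts. The struct layout, owner-only authorization and function name are assumptions, and this sits on top of the per-account transaction nonce that the chain itself already enforces.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative contract written for this issue, not the TEERollup code base.
// The struct shape and owner-only authorization are assumptions.
contract WitnessSetWithNonce {
    struct WitnessActivation {
        bytes publicKey;
        bool isActive;
    }

    address public immutable owner;
    uint256 public witnessNonce; // the only nonce the next update will accept
    mapping(bytes32 => bool) public isActiveWitness; // keyed by keccak256(publicKey)

    constructor() {
        owner = msg.sender;
    }

    // Each update must carry exactly the expected nonce; it is consumed before
    // the state change, so re-submitting an older payload with its old nonce
    // reverts instead of silently re-applying a stale witness set.
    function setWitnessPublicKeys(WitnessActivation[] calldata witnesses, uint256 nonce) external {
        require(msg.sender == owner, "not authorized");
        require(nonce == witnessNonce, "stale or reused nonce");
        witnessNonce = nonce + 1;
        for (uint256 i = 0; i < witnesses.length; i++) {
            isActiveWitness[keccak256(witnesses[i].publicKey)] = witnesses[i].isActive;
        }
    }
}

// Deploys the contract above and shows the second, identical update reverting.
contract ReplayDemo {
    WitnessSetWithNonce private target;

    constructor() {
        target = new WitnessSetWithNonce(); // this demo contract becomes the owner
    }

    function run() external returns (bool firstApplied, bool replayRejected) {
        WitnessSetWithNonce.WitnessActivation[] memory w = new WitnessSetWithNonce.WitnessActivation[](2);
        w[0] = WitnessSetWithNonce.WitnessActivation({publicKey: "0x123", isActive: true});
        w[1] = WitnessSetWithNonce.WitnessActivation({publicKey: "0x456", isActive: true});
        try target.setWitnessPublicKeys(w, 0) { firstApplied = true; } catch {}
        try target.setWitnessPublicKeys(w, 0) {} catch { replayRejected = true; }
        // a fresh update carrying nonce 1 (the current witnessNonce) would be accepted
    }
}
```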

party-for-illuminati commented 4 days ago

There is protection against replay attacks at the Oasis Sapphire network level.