search

hats-finance / illuminex-0x0bb4aa1f58719707405c231fcdf0b405714799cf

0 stars 1 forks source link

Remove `Endian.reverse256` from Bitcoin Address Generation in `_generateAddress` Function #79

Open hats-bug-reporter[bot] opened 4 months ago

hats-bug-reporter[bot] commented 4 months ago

Github username: -- Twitter username: -- Submission hash (on-chain): 0x437dad457eb502b604e3ae7ec841f5cdc371a3ce25de6e513f7f81274563904b Severity: medium

Description: Description\ The _generateAddress function in BitcoinAbstractWallet.sol includes an unnecessary call to Endian.reverse256 when calculating the checksum for a Bitcoin address. This can lead to incorrect checksum generation, potentially causing invalid Bitcoin addresses.This issue proposes removing the Endian.reverse256 call to simplify the checksum calculation and **align with standard Bitcoin address generation**(please check references attached below).

Attack Scenario\ Describe how the vulnerability can be exploited.

Attachments

  1. Proof of Concept (PoC) File

    function _generateAddress(bytes20 _dstHash, bytes1 _type) internal pure returns (bytes memory) {
bytes memory addressData = bytes.concat(_dstHash);
bytes32 checksum = bytes32(
    Endian.reverse256(
        uint256(BitcoinUtils.doubleSha256(abi.encodePacked(_type, addressData)))
    )
);

return abi.encodePacked(_type, addressData, bytes4(checksum));
}
    • The Endian.reverse256 function reverses the byte order of the checksum, which is not required for standard Bitcoin address generation.
    • This can result in an incorrect checksum, leading to invalid Bitcoin addresses.

References:

below is the Standard generation of checksum

https://en.bitcoin.it/wiki/Technical_background_of_version_1_Bitcoin_addresses#How_to_create_Bitcoin_Address:~:text=5%20%2D%20Perform%20SHA,c7f18fe8

https://bitcoin.stackexchange.com/questions/32353/how-do-i-check-the-checksum-of-a-bitcoin-address

https://www.freecodecamp.org/news/how-to-create-a-bitcoin-wallet-address-from-a-private-key-eca3ddd9c05f/#:~:text=Checksum,8%20hex%20digits).

  1. Revised Code File (Optional) 
function _generateAddress(bytes20 _dstHash, bytes1 _type) internal pure returns (bytes memory) {
    bytes memory addressData = bytes.concat(_dstHash);
    bytes32 checksum = bytes32(
        BitcoinUtils.doubleSha256(abi.encodePacked(_type, addressData))
    );

    return abi.encodePacked(_type, addressData, bytes4(checksum));
}

the above _generateAddress() function with standard implementation

party-for-illuminati commented 4 months ago

https://github.com/hats-finance/illuminex-0x0bb4aa1f58719707405c231fcdf0b405714799cf/blob/3ad7c2aedf991493aab45d3e0847b7e07f5c0d07/packages/contracts/contracts/illuminex/xengine/chains/btc/BitcoinUtils.sol#L216

We need to un-reverse it since doubleSha256 is reversing it