Add Replay Attack Mitigation Feature

[bijoy26]

Task Handler : @Timidan

Replay Attack

Usually, A replay attack is when a signed message is reused to claim authorization for a second action. To avoid replay attacks, > for Ethereum. we use a so-called nonce, which is the number of transactions sent by an account.

The smart contract checks if a nonce is used multiple times.

Replay attacks are addressed in ethereum by following -

In Matic, replay attack is likely to occur on Ante Handler -

Heimdall is the heart of the Matic system. It manages validators, block producer selection, spans, the state-sync mechanism between Ethereum and Matic and other essentials aspects of the system.

It is the PoS validator node that works in consonance with the Staking contracts on Ethereum to enable the PoS mechanism on Matic.

Ante handler checks and validates the transaction. After the verification, it checks the balance of the sender for enough fees and deduct fees in case of successful transaction inclusion.

According to Ante Handler definition, it is prone to replay attack which can be addressed as follows -

Using the above information, you job is to properly pass a parameter sequenceNumber (which basically the nonce) on the vote() function and keep a mapping check to ensure the transaction is executed only once

---

Edit-1 :

• We are addressing "Replay attack" by Implementing 'onlyAuditor modifier'

• We keep the issue of addressing "Cross-contract Replay attack" for future work.

  It can be performed by using OpenZeppelin library's 'Upgradeable contracts' feature which allows upgrading existing contracts without changing the deployed address.

  If we have a storage and proxy contract, it is possible to perform Update functions to the already deployed contracts through openzeppelin-cli.

[Timidan]

Do we really need this?..sequenceNumber applies only to msg.sender who is the election taskMaster...this is only useful when voters are interacting with the contract directly

[bijoy26]

I think you are correct. The only address that is making the transaction is of election auditor's. And also, he is the only guy authorized to do multiple transactions from same address.

For usual replay attacks

We can simply put a check if the msg.sender is one of the valid election auditor's access when the vote() function runs and we won't be needing nonce checking then.

For cross-contract replay attacks (Which means if we deploy the same contract twice on the same blockchain for some reason, then the exact same transaction is prone to be executed if every data passed as the param is same from a difference sender address)

For this case, we need sequencenumber check. Though Ethereum has this flaw, I'm not sure if Matic has the exact security issue. We can skip it for now if it seems inconvenient to implement nonce check.

[Timidan]

OK... Will implement the onlyAuditor and nonce checks then update the contract ABI

[bijoy26]

@Timidan Mention this issue, move it to 'Done' and close it when you push onlyAuditor enabled contract on the repo.

[Timidan]

Done!