Signatures can duplicate in function countValidSignatures
Summary
Signatures can duplicate in function countValidSignatures
Vulnerability Detail
In contract HatsSignerGateBase.sol, function countValidSignatures is a public function which used to count number of valid signers from the signatures. But there is not the check to prevent duplicated owners from the signatures.
Impact
Because countValidSignatures is a public function, any user/protocol can use it to check their signatures. And the wrong results lead to misunderstandings for them.
duc
medium
Signatures can duplicate in function
countValidSignaturesSummary
Signatures can duplicate in function
countValidSignaturesVulnerability Detail
In contract
HatsSignerGateBase.sol, functioncountValidSignaturesis a public function which used to count number of valid signers from the signatures. But there is not the check to prevent duplicated owners from the signatures.Impact
Because
countValidSignaturesis a public function, any user/protocol can use it to check their signatures. And the wrong results lead to misunderstandings for them.Code Snippet
https://github.com/Hats-Protocol/hats-zodiac/blob/9455cc0957762f5dbbd8e62063d970199109b977/src/HatsSignerGateBase.sol#L547-L591
Tool used
Manual review
Recommendation
Should add the check to prevent duplicated owners from signatures (follow contract
GnosisSafe)