Signature Replay attack on isValidSignature function
Summary
A signature replay attack vulnerability is possible in the isValidSignature function of the FootiumEscrow contract.
An attacker can potentially reuse the already used signature to authenticate himself as the owner, leading to unauthorised actions being taken on behalf of the club owner.
Vulnerability Detail
The isValidSignature function is allowing an attacker to reuse the same signature multiple times
Impact
The vulnerability can allow an attacker to manipulate the system by using the replayed signature to perform unauthorized actions
Code Snippet
The test case below demonstrates the signature replay attack. Put it inside FootiumEscrow.test.ts.
it("signature replay attack", async () => {
const message = "Some message";
const signature = await owner.signMessage(message);
const hash = hashMessage(message);
// This first call should return the magic value, since it's the club owner's signature
expect(await escrow.isValidSignature(hash, signature)).to.be.equal(
"0x1626ba7e"
);
// Now imagine an attacker gets hold of the signature and hash
const attackerHash = hashMessage(message);
// The attacker can use the same signature to successfully pass the isValidSignature check
expect(await escrow.isValidSignature(attackerHash, signature)).to.be.equal(
"0x1626ba7e"
);
});
The isValidSignature function should be updated to ensure that the message is unique and cannot be reused.
One possible solution is to include a nonce in the message, which should be incremented after each use, ensuring that the message and the corresponding signature are unique for every transaction. The contract should keep track of used nonces and reject any messages with nonces that have already been used.
modern_Alchemist_00
high
Signature Replay attack on isValidSignature function
Summary
A signature replay attack vulnerability is possible in the isValidSignature function of the FootiumEscrow contract.
An attacker can potentially reuse the already used signature to authenticate himself as the owner, leading to unauthorised actions being taken on behalf of the club owner.
Vulnerability Detail
The isValidSignature function is allowing an attacker to reuse the same signature multiple times
Impact
The vulnerability can allow an attacker to manipulate the system by using the replayed signature to perform unauthorized actions
Code Snippet
The test case below demonstrates the signature replay attack. Put it inside FootiumEscrow.test.ts.
Tool used
Manual Review
Recommendation
The isValidSignature function should be updated to ensure that the message is unique and cannot be reused.
One possible solution is to include a nonce in the message, which should be incremented after each use, ensuring that the message and the corresponding signature are unique for every transaction. The contract should keep track of used nonces and reject any messages with nonces that have already been used.