search

sherlock-audit / 2024-03-nouns-dao-2-judging

1 stars 0 forks source link

auditsbyradev - Vulnerable versions of packages are being used (Cryptographic Vulnerabilities in Nouns DAO Protocol Due to Outdated node-forge Dependencies) #47

Closed sherlock-admin3 closed 3 months ago

sherlock-admin3 commented 3 months ago

auditsbyradev

medium

Vulnerable versions of packages are being used (Cryptographic Vulnerabilities in Nouns DAO Protocol Due to Outdated node-forge Dependencies)

Summary

The Nouns DAO protocol employs a decentralized autonomous organization model to govern the creation, auction, and distribution of NFTs, known as Nouns. These NFTs are integral to the protocol, granting holders governance rights, including proposing changes, voting on proposals, and influencing the direction and development of the Nouns ecosystem. The auction house mechanism is a critical component, facilitating the periodic auctioning of Nouns to the highest bidder, with proceeds typically directed towards the DAO's treasury to fund community initiatives.

Vulnerability Detail

The problem is that the protocol use vulnerable versions of the node-forge package. Node-forge is a JavaScript library that provides a plethora of cryptographic operations. The specific vulnerabilities identified involve improper verification of cryptographic signatures and an open redirect issue, potentially compromising the integrity and security of cryptographic operations within the Nouns DAO protocol.

- node-forge - MODERATE - [Link](https://github.com/digitalbazaar/forge/security/advisories/GHSA-2r2c-g63r-vccr) - Improper Verification of Cryptographic Signature in node-forge

Impact

RSA PKCS#1 v1.5 signature verification code is not properly checking DigestInfo for a proper ASN.1 structure. This can lead to successful verification with signatures that contain invalid structures but a valid digest.

Patches

The issue has been addressed in node-[forge](https://github.com/digitalbazaar/forge) 1.3.0.

For more information

If you have any questions or comments about this advisory:

- node-forge - MODERATE - [Link](https://nvd.nist.gov/vuln/detail/CVE-2022-0122) - Open Redirect in node-forge

parseUrl functionality in node-forge mishandles certain uses of backslash such as https:/\/\/\ and interprets the URI as a relative path.

- node-forge - HIGH - [Link](https://github.com/digitalbazaar/forge/security/advisories/GHSA-cfm4-qjh2-4765) - Improper Verification of Cryptographic Signature in node-forge

Impact

RSA PKCS#1 v1.5 signature verification code is lenient in checking the digest algorithm structure. This can allow a crafted structure that steals padding bytes and uses unchecked portion of the PKCS#1 encoded message to forge a signature when a low public exponent is being used.

Patches

The issue has been addressed in node-forge 1.3.0.

References

For more information, please see ["Bleichenbacher's RSA signature forgery based on implementation error"](https://mailarchive.ietf.org/arch/msg/openpgp/5rnE9ZRN1AokBVj3VqblGlP63QE/) by Hal Finney.

For more information

If you have any questions or comments about this advisory:

- node-forge - HIGH - [Link](https://github.com/digitalbazaar/forge/security/advisories/GHSA-x4jg-mjrx-434g) - Improper Verification of Cryptographic Signature in node-forge

Impact

RSA PKCS#1 v1.5 signature verification code does not check for tailing garbage bytes after decoding a DigestInfo ASN.1 structure. This can allow padding bytes to be removed and garbage data added to forge a signature when a low public exponent is being used.

Patches

The issue has been addressed in node-forge 1.3.0.

References

For more information, please see ["Bleichenbacher's RSA signature forgery based on implementation error"](https://mailarchive.ietf.org/arch/msg/openpgp/5rnE9ZRN1AokBVj3VqblGlP63QE/) by Hal Finney.

For more information

If you have any questions or comments about this advisory:

Impact

The implications of these vulnerabilities are significant, considering the reliance on cryptographic operations for NFT verification, secure transactions, and overall protocol security. Specifically:

Code Snippet

https://github.com/sherlock-audit/2024-03-nouns-dao-2/blob/8f6879efaf831eb7fc9d4a4ad2b62b5334220d87/nouns-monorepo/packages/nouns-contracts/contracts/NounsAuctionHouse.sol#L1-L261

Tool used

Manual Review

Recommendation

Upgrade the node-forge package to version 1.3.0 or later, where the vulnerabilities have been addressed.

sherlock-admin4 commented 3 months ago

1 comment(s) were left on this issue during the judging contest.

WangAudit commented:

initially invalidating it; since it's not described how it can be use; yes I see the vulns in the node-forge you've listed; but you don't express how it can be manipuled/exploited specifically and this report looks more like a recommendation/information

radeveth commented 3 months ago

just to note so the Nouns team is aware of this : )

all bugs are basically related to signature/digest.

the bugs above:

  1. signature verification code is not properly checking DigestInfo for a proper ASN.1 structure. This can lead to successful verification with signatures that contain invalid structures but a valid digest.
  2. RSA PKCS#1 v1.5 signature verification code is lenient in checking the digest algorithm structure. This can allow a crafted structure that steals padding bytes and uses unchecked portion of the PKCS#1 encoded message to forge a signature when a low public exponent is being used.
  3. RSA PKCS#1 v1.5 signature verification code does not check for tailing garbage bytes after decoding a DigestInfo ASN.1 structure. This can allow padding bytes to be removed and garbage data added to forge a signature when a low public exponent is being used.

The contracts in scope of this audit that use signature/digests are:

So, at best the Nouns team should upgrade the node-forge package to version 1.3.0 or later, where the vulnerabilities have been addressed.