Closed sherlock-admin3 closed 2 months ago
This is not valid. While the digest that is being signed is indeed the same, that's not relevant to the signature validation process because the signature itself would always be different (no signing solution reuses either R or S values, so there's no possibility of actual signature collision).
Agree that a nonce could be used, but it's not actually adding value because this is expected to be a one-time operation.
xiaoming90
medium
Creator cannot acknowledge or deacknowledge an edge twice
Summary
The creator cannot acknowledge or deacknowledge an edge twice, affecting the sanctity of the data in the Graph.
Vulnerability Detail
Both acknowledgeEdge and unacknowledgeEdge functions rely on the same modifier (checkSignature) to verify the signature validity. Thus, the signature used for acknowledgment and deacknowledgment of an edge follows the same format and can be used interchangeably.
Assume that the data_ is not currently in use and set to empty/null. Thus, the signature's digest to acknowledge and deacknowledge an Edge (edgeId=800) is as follows, which is exactly the same.
Assume that Bob wants to acknowledge an EdgeID of 800. His signature digest will be as follows:
After Bob has executed the acknowledgeEdge function with the signature, the above digest will be marked as used, and cannot be used for a second time.
Let's assume some time has passed, and Bob decided to deacknowledge EdgeID of 800. In this case, his signature digest will be as follows:
The above digest is exactly the same digest that had been marked as used earlier. Thus, Bob's attempts to deacknowledge EdgeID of 800 will fail.
The same issue will also occur in many scenarios, such as (ack > deack > ack). In short, this issue will occur when acknowledgment and deacknowledgment are called for a second time with a signature.
The root cause of this issue is that the data hashed within the digest lacks the nonce or certain data that is unique across different signatures.
https://github.com/sherlock-audit/2024-04-titles/blob/main/wallflower-contract-v2/src/graph/TitlesGraph.sol#L118
https://github.com/sherlock-audit/2024-04-titles/blob/main/wallflower-contract-v2/src/graph/TitlesGraph.sol#L146
https://github.com/sherlock-audit/2024-04-titles/blob/main/wallflower-contract-v2/src/graph/TitlesGraph.sol#L40
Impact
The creator cannot acknowledge or deacknowledge an edge twice, affecting the sanctity of the data in the Graph.
Code Snippet
https://github.com/sherlock-audit/2024-04-titles/blob/main/wallflower-contract-v2/src/graph/TitlesGraph.sol#L118
https://github.com/sherlock-audit/2024-04-titles/blob/main/wallflower-contract-v2/src/graph/TitlesGraph.sol#L146
https://github.com/sherlock-audit/2024-04-titles/blob/main/wallflower-contract-v2/src/graph/TitlesGraph.sol#L40
Tool used
Manual Review
Recommendation
The standard security practice is to include a nonce into the signature digest to ensure its uniqueness and prevent potential replay attacks or collisions.
Consider adding a nonce to the digest and incrementing the creator's nonce after each successful execution of the acknowledgment or deacknowledgment.
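The following Python model is an added example, not code from the report or from the TITLES contracts. It reproduces the ack > deack > ack sequence described above with replay tracking keyed on the digest, then repeats it with a per-creator nonce in the digest as recommended. Assumptions: SHA3-256 stands in for the contract's digest, HMAC stands in for the creator's ECDSA signature, and `GraphModel`, `run_sequence` and the key are hypothetical names and constructed values.

```python
import hashlib
import hmac

KEY = b"constructed-creator-key"  # constructed sample key, not a real secret

def digest(edge_id, data, nonce=None):
    # SHA3-256 stands in for the contract's typed-data hash (assumption).
    parts = [edge_id.to_bytes(32, "big"), hashlib.sha3_256(data).digest()]
    if nonce is not None:
        parts.append(nonce.to_bytes(32, "big"))
    return hashlib.sha3_256(b"".join(parts)).digest()

def sign(key, d):
    # HMAC stands in for the creator's ECDSA signature (assumption).
    return hmac.new(key, d, hashlib.sha256).digest()

class GraphModel:
    def __init__(self, key, use_nonce):
        self.key, self.use_nonce = key, use_nonce
        self.used, self.nonce, self.acked = set(), 0, {}

    def expected_digest(self, edge_id, data):
        return digest(edge_id, data, self.nonce if self.use_nonce else None)

    def _check(self, edge_id, data, sig):
        d = self.expected_digest(edge_id, data)
        if d in self.used or not hmac.compare_digest(sig, sign(self.key, d)):
            return False
        self.used.add(d)  # digest marked as used, as the report describes
        self.nonce += 1   # changes the next digest only when use_nonce is set
        return True

    def acknowledge(self, edge_id, data, sig):
        ok = self._check(edge_id, data, sig)
        if ok:
            self.acked[edge_id] = True
        return ok

    def unacknowledge(self, edge_id, data, sig):
        ok = self._check(edge_id, data, sig)
        if ok:
            self.acked[edge_id] = False
        return ok

def run_sequence(use_nonce, edge_id=800, data=b""):
    g = GraphModel(KEY, use_nonce)
    first = sign(KEY, g.expected_digest(edge_id, data))
    results = [g.acknowledge(edge_id, data, first)]
    for op in (g.unacknowledge, g.acknowledge):  # freshly signed each time
        results.append(op(edge_id, data, sign(KEY, g.expected_digest(edge_id, data))))
    results.append(g.unacknowledge(edge_id, data, first))  # replay of first signature
    return results, g.acked[edge_id]
```

Without the nonce, every call after the first is rejected because the digest for edge 800 never changes. With the nonce, each freshly signed call succeeds and only the replayed first signature is rejected.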