search

sherlock-audit / 2024-04-titles-judging

1 stars 1 forks source link

sil3th - Signature Can be replayed on other chains #315

Closed sherlock-admin4 closed 2 months ago

sherlock-admin4 commented 2 months ago

sil3th

medium

Signature Can be replayed on other chains

Summary

The check signature modifier checks whether the signature is valid and also whether it has already been used but does not prevent cross chain signature replay, since contact will work on Ethereum, Base, OP, Zora, Blast, Arbitrum, zkSync and Degen chains

Vulnerability Detail

The checkSignature modifier is used to check the signature of a proxied acknowledgement. When acknowledging an edge in the acknolwedgeEdge function it checks whether the signature is valid by checking if it has been used but does not account for if used on a different chain.

 modifier checkSignature(bytes32 edgeId, bytes calldata data, bytes calldata signature) {
        bytes32 digest = _hashTypedData(keccak256(abi.encode(ACK_TYPEHASH, edgeId, data)));
        if (
            !edges[edgeId].to.creator.target.isValidSignatureNowCalldata(digest, signature)
                || _isUsed[keccak256(signature)]
        ) {
            revert Unauthorized();
        }
        _;
        _isUsed[keccak256(signature)] = true;

    }

Impact

User can use a already used signature in a different chain to acknowledge an edge

Code Snippet

https://github.com/sherlock-audit/2024-04-titles/blob/d7f60952df22da00b772db5d3a8272a988546089/wallflower-contract-v2/src/graph/TitlesGraph.sol#L40-L50

Tool used

Manual Review

Recommendation

Implement chain-specific checks in the checkSignature modifier to ensure that signatures are only accepted within the intended chain or context.

ccashwell commented 2 months ago

Invalid, the EIP712 domain used by the signature includes a chain ID.