Closed sherlock-admin4 closed 2 months ago
Escalate
This issue, together with #10, #53, #130, #279, #155, #168, #178 and #429, should not be a duplicate of #273, but a separate one. The reason is #273 identifies a vulnerability where acknowledgment signatures can be used for unacknowledgment and vice versa. The issues mentioned by me, together with this one, are about signature malleability.
You've created a valid escalation!
To remove the escalation from consideration: Delete your comment.
You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.
Agree with the escalation, planning to accept and duplicate with #279
Result: Medium Duplicate of #279
ZdravkoHr.
medium
TitlesGraph signatures are malleable
Summary
The TitlesGraph contract is vulnerable to signature malleability. Because of this, any party can execute an already used signature for a second time.
Vulnerability Detail
As explained in the linked article, if (r, s) is a valid signature, so is (r, -s mod n). TitlesGraph uses SignatureCheckerLib which does not check if the signature is malleable, as explained in this line. As a result, each signature can be replayed one more time and the isUsed check can be bypassed.
Here is a coded PoC in Foundry that demonstrates how a user (Alice) acknowledges an edge via signature. After that Alice changes her mind and unacknowledges the edge. Since her signature is malleable, anyone can use it to acknowledge the edge again.
NOTE: For simplicity, the following function has to be added to TitlesGraph before running the PoC.
The actual test to be run in TitlesCore.t.sol
Impact
Signatures are malleable, anyone can replay an already used signature.
Code Snippet
https://github.com/sherlock-audit/2024-04-titles/blob/d7f60952df22da00b772db5d3a8272a988546089/wallflower-contract-v2/src/graph/TitlesGraph.sol#L40C1-L50C6
Tool used
Foundry
Recommendation
Implement a check for the s parameter to ensure the signatures are not malleable.
Duplicate of #279