Lack of proper cross-chain EIP-712 parameters could lead to wrong edges getting acknowledged.
Summary
In the current implementation of checkSignature modifier there is no involvement of chain-id , nonce parameters due to which malicious actor could replay a signature and either unacknowledge or acknowledge an edge.
/// @notice Modified to check the signature for a proxied acknowledgment.
modifier checkSignature(
bytes32 edgeId,
bytes calldata data,
bytes calldata signature
) {
bytes32 digest = _hashTypedData(
keccak256(abi.encode(ACK_TYPEHASH, edgeId, data))// message with /x19... prefix
);
if (
!edges[edgeId].to.creator.target.isValidSignatureNowCalldata( digest,signature) || _isUsed[keccak256(signature)]
) {
revert Unauthorized();
}
_;
_isUsed[keccak256(signature)] = true;
}
Because the chain ID is not included in the data, all signatures are also valid when the project is launched on a chain with another chain ID.
Signature without chain-id, nonces are not safe along with the standard specified in EIP 712.
maushish
medium
Lack of proper cross-chain EIP-712 parameters could lead to wrong edges getting acknowledged.
Summary
In the current implementation of
checkSignature
modifier there is no involvement ofchain-id
,nonce
parameters due to which malicious actor could replay a signature and either unacknowledge or acknowledge an edge.Vulnerability Detail
As clearly mentioned in the
readme
file The current implementation ofcheckSignature
follows a modified version of EIP-712 https://github.com/sherlock-audit/2024-04-titles/blob/main/wallflower-contract-v2/src/graph/TitlesGraph.sol#L40Because the chain ID is not included in the data, all signatures are also valid when the project is launched on a chain with another chain ID. Signature without chain-id, nonces are not safe along with the standard specified in EIP 712.
Impact
Mentioned in the summary.
Code Snippet
Tool used
Manual Review
Recommendation
Implement the use of
nonce
andchain-id
incheckSignature
modifier.