Closed sherlock-admin4 closed 1 month ago
Escalate
This is not a duplicate of https://github.com/sherlock-audit/2024-04-titles-judging/issues/273.
The attack vector, affected code snippet, recommendation and impact are different. This issue shows a signature malleability problem, not the lack of an action parameter in the digest.
This issue, together with https://github.com/sherlock-audit/2024-04-titles-judging/issues/10, https://github.com/sherlock-audit/2024-04-titles-judging/issues/53, https://github.com/sherlock-audit/2024-04-titles-judging/issues/130, https://github.com/sherlock-audit/2024-04-titles-judging/issues/279, https://github.com/sherlock-audit/2024-04-titles-judging/issues/155, https://github.com/sherlock-audit/2024-04-titles-judging/issues/168, https://github.com/sherlock-audit/2024-04-titles-judging/issues/178 and https://github.com/sherlock-audit/2024-04-titles-judging/issues/429, should not be a duplicate of https://github.com/sherlock-audit/2024-04-titles-judging/issues/273, but a separate one.
You've created a valid escalation!
To remove the escalation from consideration: Delete your comment.
You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.
Agree with the escalation, planning to accept and duplicate with #279
Result: Medium Duplicate of #279
ComposableSecurity
high
Lack of protection from signature malleability
Summary
The `TitlesGraph` contract is incorrectly protected from signature replay attacks via signature malleability because it uses the signature as the key in the `isUsed` mapping and the `SignatureCheckerLib` library from the `solady` repository.
Vulnerability Detail
The `TitlesGraph` contract uses a mapping `isUsed` to protect from replay attacks on functions that accept a signature parameter, which are: `acknowledgeEdge(bytes32 edgeId_, bytes calldata data_, bytes calldata signature_)` and `unacknowledgeEdge(bytes32 edgeId_, bytes calldata data_, bytes calldata signature_)`.
The problem arises from two different issues that must occur simultaneously.
The first issue is that the `signature` is used as the mapping key (instead of the `digest`, potentially with some nonce), which could make it vulnerable to a replay attack due to signature malleability.
That would, however, not be possible without the second issue, which is using the `SignatureCheckerLib` library from the `solady` repository without detecting signature malleability. The library does not check for signature malleability itself, as stated in the docs: https://github.com/Vectorized/solady/blob/91d5f64b39a4d20a3ce1b5e985103b8ea4dc1cfc/src/utils/SignatureCheckerLib.sol#L19-L23
As a result, anyone can take any signature from past transactions of a particular user, generate its different format (without any external information) and execute the opposite operation on behalf of the user.
PoC
Notice I had to add `solidity-bytes-utils` package and I made the `_hashTypedData` function public to make it easier to get the correct digest.
Impact
Anyone is able to acknowledge or unacknowledge the edge being acknowledged by the creator of the `to` node (using signature).
Code Snippet
https://github.com/sherlock-audit/2024-04-titles/blob/main/wallflower-contract-v2/src/graph/TitlesGraph.sol#L40-L50
Tool used
Manual Review
Recommendation
Use digest (potentially with additional nonce if the same function parameters can be reused) instead of the signature as the mapping key.
Note that the additional nonce, if you plan to use it, must be included in the signed digest.
Duplicate of #279