Closed sherlock-admin2 closed 1 week ago
transfer_public
already uses self.caller
. transfer_public_as_signer
was introduced to enable users to transfer programs to a program, otherwise this is only possible with transfer_private_to_public
.
This doesn't seem like a real issue as in pretty much every smart contract chain, if you blindly sign transactions you will get drained.
joicygiore
High
Using
self.signer
to verify identity may be used by attackers for "identity fraud" or "permission bypass"Summary
Using
self.signer
to verify identity may be used by attackers for "identity fraud" or "permission bypass"Vulnerability Detail
Quoting the definition of
self.signer
in the documentation:Using
self.signer
for permission verification is a very dangerous thing. Takingtransfer_public_as_signer
as an example, the attacker can deploy theAttack.aleo
contract and point one of its methods tocredits.aleo::transfer_public_as_signer
. At this time, becausecredits.aleo::transfer_public_as_signer
usesself.signer
as the authentication method. If the victim calls the method inAttack.aleo
, the funds in his account will be transferred by the attacker.Impact
Using unsafe
self.signer
may be used by attackers for "identity fraud" or "permission bypass"Code Snippet
https://github.com/sherlock-audit/2024-05-aleo/blob/55b2e4a02f27602a54c11f964f6f610fee6f4ab8/snarkVM/synthesizer/program/src/resources/credits.aleo#L159-L182 https://github.com/sherlock-audit/2024-05-aleo/blob/55b2e4a02f27602a54c11f964f6f610fee6f4ab8/snarkVM/synthesizer/program/src/resources/credits.aleo#L798-L806 https://github.com/sherlock-audit/2024-05-aleo/blob/55b2e4a02f27602a54c11f964f6f610fee6f4ab8/snarkVM/synthesizer/program/src/resources/credits.aleo#L1005-L1021
Tool used
Manual Review
Recommendation
self.caller
better reflects the current caller and is a safer choice. It is recommended to useself.caller
instead ofself.signer
for authentication.self.signer
is only used when you really need to know the account that originally initiated the transaction, and it is not recommended as a method of authentication. For example: