search

sherlock-audit / 2024-08-flayer-judging

2 stars 0 forks source link

0xBhumii - Signature Replay Attack Vulnerability in `Airdrop` Mechanism #748

Open sherlock-admin4 opened 1 month ago

sherlock-admin4 commented 1 month ago

0xBhumii

Medium

Signature Replay Attack Vulnerability in Airdrop Mechanism

Summary

The AirdropRecipient contract is vulnerable to signature replay attacks due to the lack of nonce management, timestamping, and contextual binding in the signature verification process. This vulnerability can lead to unauthorized claims and financial losses.

Vulnerability Detail

The contract AirdropRecipient uses SignatureCheckerLib.isValidSignatureNow for verifying signatures. However, this method does not inherently protect against replay attacks. Without a nonce, timestamp, or contextual data in the signed message, valid signatures can be reused, allowing unauthorized parties to claim airdrops multiple times in diffrent chains.

Impact

Unauthorized claims of airdrops through replayed valid signatures. Potential financial losses and depletion of airdrop resources.

Code Snippet

https://github.com/sherlock-audit/2024-08-flayer/blob/main/flayer/src/contracts/utils/AirdropRecipient.sol#L58C1-L63C1

Tool used

Manual Review

Recommendation

Include Nonce,ChainId or Timestamp during the signature verifications.