ton-blockchain / wallet-contract-v5

w5
MIT License

Use of Dictionary is prone to be dangerous, Using Dictionary to fetch addresses is risky, Signatures can be bypassed, #22

Closed Afoxcute closed 1 month ago

Afoxcute commented 2 months ago

Currently we all know that use of Dictionary is imperfect in FunC. An attacker can check for where the Dictionary use is weak in the implementation of wallet address and exploit such a vulnerability.

I believe signatures are not handled well in the Smart Contract because there is no strict check for some logic, "=" was used instead of "==". There is a check for "signature_mode_already_set" but there is no check for Signature already exist or Signature expired.

nns2009 commented 2 months ago

> Currently we all know that use of address is imperfect in FunC

What do you mean?

> there is no strict check for some logic

For which?

> "=" was used instead of "=="

Where? I just did a RegEx search looking for all assignments `[^=]=[^=]`, but I can't find any assignment, which should have been comparison (I honestly don't remember if FunC even allows this 😅)

> but there is no check for Signature already exist

Previous signatures won't work because seqno increases

> or Signature expired

`throw_if(error::expired, valid_until <= now());`

Afoxcute commented 1 month ago

Corrected the typo 😂😭. Some assignments inside the code actually have "==". Just trying my hand at new stuff, man.

tolya-yanot commented 1 month ago

It looks like everything is okay with assignments.
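
Added example (not part of the thread and not the wallet contract's code): a small Python model of the two checks nns2009 cites, a seqno that increases on every accepted message and the `valid_until <= now()` expiry test. HMAC-SHA256 stands in for the wallet's real signature scheme, and `WalletModel`, `sign`, the message layout and the key are hypothetical names and values constructed for the illustration.

```python
import hashlib, hmac, struct

KEY = b"constructed-demo-key"  # assumption: stands in for the owner's signing key

class Rejected(Exception):
    pass

def sign(seqno, valid_until, payload, key=KEY):
    # seqno and valid_until are inside the signed bytes, so neither can be
    # changed without invalidating the signature.
    body = struct.pack(">IQ", seqno, valid_until) + payload
    return hmac.new(key, body, hashlib.sha256).digest()

class WalletModel:
    def __init__(self, key=KEY):
        self.key = key
        self.seqno = 0  # persistent counter, bumped on every accepted message

    def process(self, sig, seqno, valid_until, payload, now):
        if not hmac.compare_digest(sig, sign(seqno, valid_until, payload, self.key)):
            raise Rejected("bad signature")
        if seqno != self.seqno:
            raise Rejected("bad seqno")
        if valid_until <= now:  # same comparison as the throw_if quoted above
            raise Rejected("expired")
        self.seqno += 1
        return "accepted"

def outcome(wallet, msg, now):
    # Run one message through the model and report the result as a string.
    try:
        return wallet.process(*msg, now=now)
    except Rejected as exc:
        return str(exc)

def demo():
    w = WalletModel()
    now = 1_700_000_000  # constructed timestamp
    first = (sign(0, now + 60, b"transfer"), 0, now + 60, b"transfer")
    results = [outcome(w, first, now)]             # fresh message
    results.append(outcome(w, first, now + 1))     # byte-for-byte replay
    forged = (first[0], 1, now + 60, b"transfer")  # old signature, seqno edited
    results.append(outcome(w, forged, now + 1))
    late = (sign(1, now + 60, b"transfer"), 1, now + 60, b"transfer")
    results.append(outcome(w, late, now + 60))     # valid_until == now
    return results

if __name__ == "__main__":
    print(demo())
```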