This repository was archived by the owner on Oct 27, 2024. It is now read-only.
T1MOH - Signature malleability breaks TitlesGraph.sol #130
Closed
Labels
Duplicate (a valid issue that is a duplicate of an issue with `Has Duplicates` label), Medium (a valid Medium severity issue), Reward (a payout will be made for this issue)
Description
T1MOH
medium
Signature malleability breaks TitlesGraph.sol
Summary
There are 2 versions of a signature for the same data. Because of that property, it is advised not to use a signature as a unique identifier.
You can read more here: https://detectors.auditbase.com/signature-malleability-of-evms-ecrecover
Vulnerability Detail
Here you can see that the signature is used as the unique identifier of a performed action. So an attacker can use the other version of a used signature to maliciously perform the opposite action. For example, if an edge was previously acknowledged, then he can unacknowledge it.
```solidity
modifier checkSignature(bytes32 edgeId, bytes calldata data, bytes calldata signature) {
    bytes32 digest = _hashTypedData(keccak256(abi.encode(ACK_TYPEHASH, edgeId, data)));
    if (
        !edges[edgeId].to.creator.target.isValidSignatureNowCalldata(digest, signature)
            || _isUsed[keccak256(signature)]
    ) {
        revert Unauthorized();
    }
    _;
@>  _isUsed[keccak256(signature)] = true;
}

function acknowledgeEdge(bytes32 edgeId_, bytes calldata data_, bytes calldata signature_)
    external
@>  checkSignature(edgeId_, data_, signature_)
    returns (Edge memory edge)
{
    return _setAcknowledged(edgeId_, data_, true);
}

function unacknowledgeEdge(bytes32 edgeId_, bytes calldata data_, bytes calldata signature_)
    external
@>  checkSignature(edgeId_, data_, signature_)
    returns (Edge memory edge)
{
    return _setAcknowledged(edgeId_, data_, false);
}
```
Impact
An attacker can use the other version of a used signature to maliciously perform the opposite action. For example, if an edge was previously acknowledged, then he can unacknowledge it.
Code Snippet
Tool used
Manual Review
Recommendation
Use OpenZeppelin's ECDSA library.
Duplicate of #279