Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
Submission Details
Severity: medium

Lack of chainID validation allows signatures to be re-used across forks

Summary

If the chain forks after deployment, the signature passed when calling deployProxyAndDistributeBySignature() may be considered valid on both forks.

Vulnerability Details

The signatures used to deploy the proxy and distribute rewards do not account for chain splits. The chainID is not included in the domain separator. As a result, if the chain forks after deployment, the signed message may be considered valid on both forks.

Imagine Bob is one of the winners. An EIP is included in an upcoming hard fork that has split the community. After the hard fork, a significant user base remains on the old chain. On the new chain, the organizer calls deployProxyAndDistributeBySignature. Bob (the malicious user), operating on both chains, replays the signature on the old chain and is able to deploy the proxy and steal funds.

Impact

The protocol becomes vulnerable to signature replay attacks, wherein malicious users replay the signatures to steal funds from the organizers.

Tools Used

Manual Review

Remediation Steps

Include the chainID in the signature schema. This will make replay attacks impossible in the event of a post-deployment hard fork.
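
One way to apply this remediation, as an added example that is not Sparkn's code: an EIP-712 style domain separator that includes `block.chainid` and is rebuilt whenever the chain ID differs from the one cached at deployment, so a digest signed for one fork does not verify on the other. The contract name, the domain name and version strings, and the `Distribute` message type are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Added illustration; names and the message type are assumptions, not the audited code.
contract ForkAwareSigCheck {
    bytes32 private constant DOMAIN_TYPEHASH = keccak256(
        "EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)"
    );
    // Hypothetical typed message for the signed distribution call.
    bytes32 private constant DISTRIBUTE_TYPEHASH =
        keccak256("Distribute(bytes32 contestId,bytes data)");
    uint256 private constant HALF_N = // secp256k1 order / 2, rejects malleable high-s signatures
        0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0;

    uint256 private immutable _cachedChainId;
    bytes32 private immutable _cachedSeparator;

    constructor() {
        _cachedChainId = block.chainid;
        _cachedSeparator = _buildSeparator();
    }

    function _buildSeparator() private view returns (bytes32) {
        return keccak256(abi.encode(
            DOMAIN_TYPEHASH,
            keccak256(bytes("ExampleDistributor")), // assumed domain name
            keccak256(bytes("1")),                  // assumed version
            block.chainid,                          // binds the signature to this chain
            address(this)                           // binds it to this contract
        ));
    }

    // Uses the cached value on the original chain, rebuilds it after a chain ID change.
    function domainSeparator() public view returns (bytes32) {
        return block.chainid == _cachedChainId ? _cachedSeparator : _buildSeparator();
    }

    function recoverSigner(bytes32 contestId, bytes calldata data, uint8 v, bytes32 r, bytes32 s)
        external view returns (address signer)
    {
        bytes32 structHash = keccak256(abi.encode(DISTRIBUTE_TYPEHASH, contestId, keccak256(data)));
        bytes32 digest = keccak256(abi.encodePacked("\x19\x01", domainSeparator(), structHash));
        require(uint256(s) <= HALF_N, "malleable signature");
        signer = ecrecover(digest, v, r, s);
        require(signer != address(0), "invalid signature");
    }
}
```

A separator that includes the chain ID but is computed once at deployment and only stored would stay identical on both forks, which is why the check against `block.chainid` runs on every call. The binding only separates forks that actually adopt different chain IDs.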
