Sparkn

Summary

Bad message digest can allow attacker to force prizes to be distributed based on the implementation of the old implementation contract.

Vulnerability Details

The distributor contract is meant to be upgradable as understood from the natspec. A new implementation address can be used when a contest is created. The key issue to this vulnerability lies in how the message digest contains only contestId and data in deployProxyAndDistributeBySignature(). We will illustrate how this may happen.

1. Owner sets contest inputting organizer, contestId, closeTime, implementation

2. For a variety of reasons, for instance the implementation contract contains some bugs/issues, owner wants to upgrade to a new implementation

3. Owner sets a new contest inputting the same organizer, contestId, closeTime, but with a different implementation

4. Now, during distribution, the organizer wants to distributes using signature with deployProxyAndDistributeBySignature()

5. Attacker sees this, uses the same signature with the same message digest and calls deployProxyAndDistributeBySignature() but with the old implementation contract, instead of the new one which organizer wants to use

6. The prize is distributed based on the logic of the old implementation contract, which can be faulty/potential loss of funds.

Impact

The organizer who intends to distribute based on a new distributor contract can be frontrunned and forced to distribute based on a wrong and unintended implementation contract.

Tools Used

Manual Review

Recommendations

Consider adding the implementation address as part of the message digest. Instead of using _hashTypedDataV4(keccak256(abi.encode(contestId, data))), we use _hashTypedDataV4(keccak256(abi.encode(contestId, data, implementation))).