Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
Submission Details
Severity: high

Cross-Chain Replay Attack Vulnerability in ECDSA Signature Verification

Summary

The current ECDSA signature verification logic does not incorporate chain-specific data, such as the chain ID, which exposes it to replay attacks on different chains.

Vulnerability Details

The deployProxyAndDistributeBySignature function uses the ECDSA.recover method to verify that a provided message was signed by the organizer. The message being verified consists of a keccak256 hash of contestId and data. As the signed message does not contain any chain-specific data, like the chain ID, it's susceptible to replay on any other chain that has the same organizer and uses the same verification logic.

An attacker could:

1. Obtain a valid signature on Chain A.
2. Move to Chain B and use this signature as a valid proof, given that the organizer address exists and holds the same private key on both chains.

Impact

An attacker could trigger a transfer of funds on Chain B to the winners of Chain A, rewarding them twice.

Tools Used

Manual review

Recommendations

Include Chain ID in Signed Data

bytes32 digest = _hashTypedDataV4(keccak256(abi.encode(contestId, data, block.chainid)));
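
A regression test for this recommendation, as an added example that is not part of the original submission or the audited code base. It assumes Foundry's forge-std; the contract and test names, key, contest ID and payload are hypothetical, constructed values, and the digest is modeled as the plain keccak256 hash described under Vulnerability Details, without the `_hashTypedDataV4` wrapper.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

import {Test} from "forge-std/Test.sol";

// Added example with hypothetical names; this is not the audited contract.
contract DigestModel {
    // Digest as the finding describes it: contestId and data only.
    function unboundDigest(bytes32 contestId, bytes memory data) public pure returns (bytes32) {
        return keccak256(abi.encode(contestId, data));
    }

    // Digest with block.chainid mixed in, as the recommendation suggests.
    function boundDigest(bytes32 contestId, bytes memory data) public view returns (bytes32) {
        return keccak256(abi.encode(contestId, data, block.chainid));
    }
}

contract CrossChainReplayTest is Test {
    DigestModel internal model = new DigestModel();
    uint256 internal constant ORGANIZER_KEY = 0xA11CE; // constructed test key
    bytes32 internal constant CONTEST_ID = keccak256("constructed-contest");
    bytes internal constant DATA = hex"c0ffee"; // constructed payload

    function test_unboundSignatureVerifiesOnOtherChain() public {
        vm.chainId(1); // "Chain A": the organizer signs here
        (uint8 v, bytes32 r, bytes32 s) = vm.sign(ORGANIZER_KEY, model.unboundDigest(CONTEST_ID, DATA));

        vm.chainId(137); // "Chain B": same logic, same organizer key
        // The digest carries no chain data, so it is identical and the signature still verifies.
        bytes32 digestB = model.unboundDigest(CONTEST_ID, DATA);
        assertEq(ecrecover(digestB, v, r, s), vm.addr(ORGANIZER_KEY));
    }

    function test_chainBoundSignatureFailsOnOtherChain() public {
        vm.chainId(1);
        (uint8 v, bytes32 r, bytes32 s) = vm.sign(ORGANIZER_KEY, model.boundDigest(CONTEST_ID, DATA));
        assertEq(ecrecover(model.boundDigest(CONTEST_ID, DATA), v, r, s), vm.addr(ORGANIZER_KEY));

        vm.chainId(137);
        // block.chainid changed the digest, so recovery no longer yields the organizer.
        bytes32 digestB = model.boundDigest(CONTEST_ID, DATA);
        assertTrue(ecrecover(digestB, v, r, s) != vm.addr(ORGANIZER_KEY));
    }
}
```

Both tests pass under `forge test`: the first documents the replayable behaviour, the second shows the chain-bound digest rejecting the same signature once the chain ID differs.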
