Sparkn

CodeFox Inc.

DeFiFoundryProxy

15,000 USDC

View results

Previous Next

Submission Details

Severity: high

deployProxyAndDistributeBySignature() is vulnerable to cross-chain replay attacks

longzai

Summary

During the distribution phase, the organizer could potentially reuse the signature to distribute the winner's payout on another chain, even if it pertains to a different contest and winner

This situation raises concerns about the possibility of funds being stolen

Vulnerability Details

The chain ID is not presented in deployProxyAndDistributeBySignature() to validate against

Impact

The organizer could reuse the signature to distribute the winner's payout on another chain, even if it's a different contest and winner

Tools Used

Manual review

Recommendations

The chain ID should be encoded in the signature payload and validated against the current chain ID

function deployProxyAndDistributeBySignature(

address organizer,

bytes32 contestId,

address implementation,

bytes calldata signature,

bytes calldata data,

uint256 chainId

) public returns (address) {

if (chainId != block.chainid) revert ProxyFactory__InvalidChainId();

bytes32 digest = _hashTypedDataV4(keccak256(abi.encode(contestId, data, chainId)));

if (ECDSA.recover(digest, signature) != organizer) revert ProxyFactory__InvalidSignature();

//remaining code

}

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

194

77 USDC / LOC

High Medium

14,000 USDC

Low

1,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.