The L2ContractMigrationFacet contract allows the migration of assets owned by contracts from L1 to L2. It verifies deposits and internal balances using Merkle proofs and authorizes each migration with an EIP-712 signature from the owner. The current design, however, has no mechanism to stop a signature from being replayed, so a single valid signature can authorize more than one migration.
Lack of Replay Protection: The contract does nothing to guarantee that each signed message is unique. The signature hash commits only to the owner, receiver, and deadline; it contains no nonce or other value that changes between uses, so the contract cannot distinguish the first submission of a signature from any later one.
L2ContractMigrationFacet#L136-L150
Signature Replay Attack: An attacker who captures a valid signed message (the signature is plain calldata, so it is visible in the mempool and in the mined transaction) can resubmit it to redeemDepositsAndInternalBalances any number of times before the deadline passes, potentially transferring funds repeatedly without the owner's consent.
Every replay invokes the migration function again and triggers another unauthorized transfer. For a user who authorized a single migration, this can result in substantial financial losses.
Manual code review
To mitigate this issue, include a per-owner nonce in the signed struct and consume it at verification time, so each signature is valid for exactly one call, following the approach already adopted in the LibTokenPermit library.
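The replayable digest and the nonce-bound alternative recommended above, side by side in one contract. This is an added illustration, not code from L2ContractMigrationFacet or LibTokenPermit: the contract name, function names, type hashes and the Migrated event are hypothetical, and the Merkle-proof verification of the real facet is replaced by a counter so the effect of a replay is visible on-chain.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical contract (added example). Only the signature handling is modelled;
// the real facet's Merkle-proof checks and balance accounting are not reproduced.
contract MigrationAuth {
    bytes32 private immutable DOMAIN_SEPARATOR;

    // Vulnerable shape: the struct carries owner, receiver and deadline only, so
    // nothing in the digest changes between the first and the second submission.
    bytes32 public constant REDEEM_TYPEHASH_NO_NONCE =
        keccak256("Redeem(address owner,address receiver,uint256 deadline)");

    // Hardened shape: a per-owner nonce is part of the signed struct.
    bytes32 public constant REDEEM_TYPEHASH =
        keccak256("Redeem(address owner,address receiver,uint256 nonce,uint256 deadline)");

    mapping(address => uint256) public nonces;      // next unused nonce per owner
    mapping(address => uint256) public migrations;  // stand-in for "funds moved" (constructed)

    event Migrated(address indexed owner, address indexed receiver, uint256 count);

    constructor() {
        DOMAIN_SEPARATOR = keccak256(abi.encode(
            keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)"),
            keccak256("MigrationAuth"),
            keccak256("1"),
            block.chainid,
            address(this)
        ));
    }

    function _digest(bytes32 structHash) internal view returns (bytes32) {
        return keccak256(abi.encodePacked("\x19\x01", DOMAIN_SEPARATOR, structHash));
    }

    function _recover(bytes32 digest, uint8 v, bytes32 r, bytes32 s) internal pure returns (address) {
        // Reject high-s values: otherwise the same message can be resubmitted as a
        // malleated (r, n - s) copy, which matters once a signature is meant to be single-use.
        require(uint256(s) <= 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0, "bad s");
        address signer = ecrecover(digest, v, r, s);
        require(signer != address(0), "bad sig");
        return signer;
    }

    // Replayable: a captured (v, r, s) keeps passing until the deadline expires,
    // and each call moves funds again.
    function redeemReplayable(address owner, address receiver, uint256 deadline,
                              uint8 v, bytes32 r, bytes32 s) external {
        require(block.timestamp <= deadline, "expired");
        bytes32 digest = _digest(keccak256(abi.encode(REDEEM_TYPEHASH_NO_NONCE, owner, receiver, deadline)));
        require(_recover(digest, v, r, s) == owner, "not owner");
        _migrate(owner, receiver);
    }

    // Hardened: the owner's current nonce is read, bound into the digest and consumed
    // before any transfer, so a second submission recovers a different signer and reverts.
    function redeem(address owner, address receiver, uint256 deadline,
                    uint8 v, bytes32 r, bytes32 s) external {
        require(block.timestamp <= deadline, "expired");
        uint256 nonce = nonces[owner]++;
        bytes32 digest = _digest(keccak256(abi.encode(REDEEM_TYPEHASH, owner, receiver, nonce, deadline)));
        require(_recover(digest, v, r, s) == owner, "not owner");
        _migrate(owner, receiver);
    }

    function _migrate(address owner, address receiver) internal {
        // In the real facet this is where the Merkle-verified deposit and internal
        // balance would be credited on L2; here it only records how often it ran.
        migrations[owner] += 1;
        emit Migrated(owner, receiver, migrations[owner]);
    }
}
```

Calling redeemReplayable twice with the same signature increments migrations[owner] twice; calling redeem twice with the same signature increments it once and reverts on the second call with "not owner", because nonces[owner] has moved on and the recomputed digest no longer matches what was signed. The nonce must be incremented before the external effects of the call, and the domain separator must bind chainId and the verifying contract so a signature also cannot be replayed across chains or deployments.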