Submission Details
Severity: high
Invalid

Replay attack vulnerability in `redeemDepositsAndInternalBalances` function

Summary

The contract L2ContractMigrationFacet allows the migration of assets owned by contracts from L1 to L2. It verifies deposits and internal balances using Merkle proofs and authorizes each migration through an EIP-712 signature. However, the current design has no mechanism to prevent signature replay: a valid signature can be presented more than once.

Vulnerability Details

Lack of Replay Protection: The contract does not implement any mechanism to ensure the uniqueness of each signed message. The struct hash is built from the owner, receiver, and deadline only; it includes no nonce or other per-use value, so nothing distinguishes the first use of a signature from any later one.

L2ContractMigrationFacet#L136-L150

```solidity
function verifySignature(address owner, address reciever, uint256 deadline, bytes calldata signature)
    internal
    view
{
    require(block.timestamp <= deadline, "Migration: permit expired deadline");
    // >>> no nonce in the signed struct: the same (owner, reciever, deadline) hash verifies on every call before the deadline
    bytes32 structHash = keccak256(abi.encode(REDEEM_DEPOSIT_TYPE_HASH, owner, reciever, deadline));
    bytes32 hash = _hashTypedDataV4(structHash);
    address signer = ECDSA.recover(hash, signature);
    require(signer == owner, "Migration: permit invalid signature");
}
```

Exploit Scenario

Signature Replay Attack: An attacker who captures a valid signed message can reuse it before the deadline expires to call redeemDepositsAndInternalBalances multiple times, potentially transferring funds multiple times without the owner's consent.

Impact

If an attacker intercepts a valid signed message, they can exploit it to invoke the migration function multiple times, leading to unauthorized fund transfers. This vulnerability could potentially result in substantial financial losses for users who have authorized migrations.

Tools Used

Manual code review

Recommendations

To mitigate this issue, include a per-owner nonce in the signed struct and consume it on each successful verification, similar to the approach adopted in the LibTokenPermit library.
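As an added illustration (not the audited project's code), the following contract shows the recommended fix: the EIP-712 struct carries a nonce, the contract tracks the next nonce per owner, and verification consumes it so a captured signature cannot be presented twice. The contract name, type string, event, and the use of OpenZeppelin's EIP712 and ECDSA helpers are assumptions; the migration logic itself is out of scope here.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {EIP712} from "@openzeppelin/contracts/utils/cryptography/EIP712.sol";
import {ECDSA} from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";

/// Illustrative contract, not the audited code: the signed struct includes a
/// nonce and each owner's nonce is consumed on use, so replaying a signature
/// fails the signer check because the recomputed hash no longer matches.
contract MigrationPermitWithNonce is EIP712 {
    // Hypothetical type string; the nonce is part of what the owner signs.
    bytes32 public constant REDEEM_DEPOSIT_TYPE_HASH = keccak256(
        "RedeemDeposit(address owner,address receiver,uint256 deadline,uint256 nonce)"
    );

    /// Next expected nonce per owner; public so signers can read it before signing.
    mapping(address => uint256) public nonces;

    event MigrationAuthorized(address indexed owner, address indexed receiver, uint256 nonce);

    constructor() EIP712("MigrationPermitWithNonce", "1") {}

    /// Verifies the permit and consumes the owner's current nonce.
    /// Reverts if the deadline passed, if the signer is not the owner, or if
    /// the signature was already used (its embedded nonce is now stale).
    function _verifyAndConsume(address owner, address receiver, uint256 deadline, bytes calldata signature)
        internal
        returns (uint256 nonce)
    {
        require(block.timestamp <= deadline, "Migration: permit expired deadline");
        nonce = nonces[owner]++; // consume before any external effects
        bytes32 structHash = keccak256(abi.encode(REDEEM_DEPOSIT_TYPE_HASH, owner, receiver, deadline, nonce));
        bytes32 hash = _hashTypedDataV4(structHash);
        address signer = ECDSA.recover(hash, signature);
        require(signer == owner, "Migration: permit invalid signature");
    }

    /// Entry point mirroring the audited function's signature; the Merkle-proof
    /// checks and transfers that would follow are not part of this illustration.
    function redeemDepositsAndInternalBalances(address owner, address receiver, uint256 deadline, bytes calldata signature)
        external
    {
        uint256 used = _verifyAndConsume(owner, receiver, deadline, signature);
        emit MigrationAuthorized(owner, receiver, used);
    }
}
```

A second call with the same calldata reverts with "Migration: permit invalid signature", since `nonces[owner]` has advanced and the recovered signer of the new hash is not the owner.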

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Replay attack vulnerability in `redeemDepositsAndInternalBalances` function - it could be replayed

Appeal created

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Too generic
