ArkProject: NFT Bridge

NFTBridge
60,000 USDC
Submission Details
Severity: low
Invalid

Replay Attack Vulnerability in Starklane Smart Contract Due to Unstored Request Hashes

Updates

Lead Judging Commences

n0kto Lead Judge 2 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
Assigned finding tags:

invalid-replay-attack-hash-not-stored-nonce-not-used

There is no impact here: Transaction cannot be replayed because the blockchain use the nonce in the signature. Hash is computed on-chain. Using or trying to have the same hash mean you need to buy the token, and they will be sent to their origin owner. Why an attacker would buy tokens to give them back ? No real impact.

Support

FAQs

Can’t find an answer? Join our Discord or follow us on Twitter.

Cyfrin
Updraft
CodeHawks
Solodit
Resources