60,000 USDC
Submission Details
Severity:
Replay Attack in _consumeMessageAutoWithdraw
Description:
The _consumeMessageAutoWithdraw function calculates the message hash based on the sender's address, recipient address, and the request data. However, it does not include any nonce or timestamp in the hash calculation. This makes it susceptible to replay attacks. An attacker could intercept a valid message and its hash, then replay the same message later to withdraw the tokens again, effectively doubling the withdrawal.
Impact:
This vulnerability is high impact because it allows an attacker to steal tokens by reusing valid messages. If exploited, it could lead to significant financial losses for users and undermine the trust in the bridge.
Updates
Lead Judging Commences
n0kto 11 months ago
Submission Judgement Published Reason: Incorrect statement
Assigned finding tags:
invalid-replay-attack-hash-not-stored-nonce-not-used
There is no impact here: Transaction cannot be replayed because the blockchain use the nonce in the signature. Hash is computed on-chain. Using or trying to have the same hash mean you need to buy the token, and they will be sent to their origin owner. Why an attacker would buy tokens to give them back ? No real impact.
Prize pool breakdown
Total prize
60,000 USDC
nSLOC
2,30126 USDC / LOC
50,000 USDC
5,500 USDC
4,500 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.