Biconomy: Nexus
Biconomy
HardhatFoundry
30,000 USDC
View results
Previous Next
Submission Details
Severity: high
Invalid

The `K1Validator` omits the Nexus account address in the signature verification within the `isValidSignatureWithSender` function when it got called in `_enableMode` function , enabling replay attacks across multiple accounts owned by the same user.

castleChain

Location

https://github.com/Cyfrin/2024-07-biconomy/blob/9590f25cd63f7ad2c54feb618036984774f3879d/contracts/modules/validators/K1Validator.sol#L99-L109

Summary

The K1Validator does not include the sender address when calling the function isValidSignatureWithSender, which allows signature replay attacks on accounts owned by the same user. This vulnerability can lead to significant financial losses for the affected accounts.

Vulnerability Details

In the ModuleManager, the function _enableMode is used to verify and enable a validator before the validation of PackedUserOp, as shown below:

function _enableMode(address module, bytes calldata packedData) internal returns (bytes calldata userOpSignature) {
uint256 moduleType;
bytes calldata moduleInitData;
bytes calldata enableModeSignature;
// The data does not include the address of the account to enable the module on.
(moduleType, moduleInitData, enableModeSignature, userOpSignature) = packedData.parseEnableModeData();
_checkEnableModeSignature(
_getEnableModeDataHash(module, moduleInitData),
enableModeSignature
);
}

The digest of the signature does not include the address of the account on which the module will be enabled. Then, the function _checkEnableModeSignature is called to verify the signature:

function _checkEnableModeSignature(bytes32 digest, bytes calldata sig) internal view {
address enableModeSigValidator = address(bytes20(sig[0:20]));
if (!_isValidatorInstalled(enableModeSigValidator)) {
revert InvalidModule(enableModeSigValidator);
}
if (IValidator(enableModeSigValidator).isValidSignatureWithSender(address(this), digest, sig[20:]) != ERC1271_MAGICVALUE) {
revert EnableModeSigError();
}
}

The function isValidSignatureWithSender is called, and the address of the account (address(this)) is passed as the sender address to be verified with the enableModeSignature. However, if the validator is the K1Validator, the implementation of the function isValidSignatureWithSender is as follows:

function isValidSignatureWithSender(address, bytes32 hash, bytes calldata data) external view returns (bytes4) {
address owner = smartAccountOwners[msg.sender];
// Validate the signature using SignatureCheckerLib
if (SignatureCheckerLib.isValidSignatureNowCalldata(owner, hash, data)) {
return ERC1271_MAGICVALUE;
}
if (SignatureCheckerLib.isValidSignatureNowCalldata(owner, MessageHashUtils.toEthSignedMessageHash(hash), data)) {
return ERC1271_MAGICVALUE;
}
return ERC1271_INVALID;
}

This function neglects the sender address and verifies the enableModeSignature using SignatureCheckerLib without considering the sender address. The function retrieves the owner of the account making the call and verifies that the owner signed the message.

As a result, if the owner owns multiple accounts (e.g., three accounts), the enableModeSignature used to enable any module on one account will be valid for the other accounts as well.

POC

Suppose the owner has three accounts: account A, account B, and account C. The owner signs a userOp to enable validator G on account A. The structure of the userOp does not include the address of account A since it is not used in the validation process. Consequently, this userOp and the enableModeSignature will also be valid on the other accounts, allowing unintended validators to be installed on those accounts.

Impact

A malicious user can exploit this vulnerability to perform replay attacks across multiple accounts owned by the same user. This can result in the unintended installation of validators and the potential loss of funds from the affected accounts.

Tools Used

vscode

Recommendations

Include Sender Address in Signature Verification: Modify the isValidSignatureWithSender function to include the Nexus account address in the signature verification process to prevent replay attacks across multiple accounts.

Implementing these measures will safeguard against signature replay attacks and secure the funds within the accounts.

Updates

Lead Judging Commences

0xnevi Lead Judge
about 1 year ago
0xnevi Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.