HardhatFoundry
30,000 USDC
View results
Submission Details
Severity: medium
Invalid

Potential Replay Attack Vulnerability in Signature Verification Logic

Summary

The protocol relies on Solady's SignatureCheckerLib to verify that the signature provided is valid, i.e https://github.com/vectorized/solady/blob/main/src/utils/SignatureCheckerLib.sol

However the Solady's SignatureCheckerLib warns that the library does not check if a signature is non-malleable.

https://github.com/Vectorized/solady/blob/a34977e56cc1437b7ac07e6356261d2b303da686/src/utils/SignatureCheckerLib.sol#L23

/// WARNING! Do NOT use signatures as unique identifiers:
/// - Use a nonce in the digest to prevent replay attacks on the same contract.
/// - Use EIP-712 for the digest to prevent replay attacks across different chains and contracts.
/// EIP-712 also enables readable signing of typed data for better user safety.
/// This implementation does NOT check if a signature is non-malleable.
library SignatureCheckerLib {

The signature verification logic is broken due to the lack of checks to ensure the s value in ECDSA signatures is only greater/lesser than 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0. This oversight could potentially allow for replay attacks, compromising the security of transactions processed through the contract.

Vulnerability Details

First see https://github.com/Cyfrin/2024-07-biconomy/blob/9590f25cd63f7ad2c54feb618036984774f3879d/contracts/Nexus.sol#L371-L520 ... snippet is too large to attach to the report.

However this signature verification process is broken, due to the absence of a critical check within the signature verification process. In ECDSA signatures, the s value plays a crucial role in ensuring the uniqueness and integrity of the signature. Specifically, the s value can either be greater than 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0 or less than and these two scenarios would be counted as valid signatures, so to avoid potential issues related to signature malleability and replay attacks we need to chose one to use. Cause, without this check, malicious actors could potentially craft signatures with manipulated s values that pass the current verification logic, leading to unauthorized actions being performed as if they were legitimate transactions.

Impact

The primary impact of this vulnerability is the increased risk of replay attacks since the reuse of signatures would be possible, just by changing the s value.

Tools Used

  • Manual review

Recommendations

To mitigate this vulnerability and enhance the security of the signature verification process, it is recommended to introduce a check that validates the s value of the ECDSA signature. This check should ensure that the s value is greater than 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0.

Here is a suggested code snippet that implements this recommendation:

function isValidSignature(bytes32 hash, bytes memory signature) public pure returns (bool) {
// Check that the 's' value is greater than the threshold
if (signature[65] < 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) {
return false; // Invalid signature 's' value
}
// Additional signature verification logic...
return true; // Signature is valid
}
Updates

Lead Judging Commences

0xnevi Lead Judge 12 months ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-replay-attack-malleable

Valid medium, although all issues lack a little detail on some form of protocol specific impact here. See similar reference finding [here](https://github.com/sherlock-audit/2024-04-titles-judging/issues/279)

Appeal created

adriro Judge
12 months ago
adriro Judge
11 months ago
0xnevi Lead Judge
11 months ago
0xnevi Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Other
Assigned finding tags:

finding-replay-attack-malleable

Valid medium, although all issues lack a little detail on some form of protocol specific impact here. See similar reference finding [here](https://github.com/sherlock-audit/2024-04-titles-judging/issues/279)

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.