The rankCandidatesBySig function does not include a nonce in the signed message, which leaves it open to signature replay attacks.
Signatures are the means of cryptographic authentication in blockchain systems: they act as a unique "fingerprint" of the signer and form the backbone of transaction authorisation. If they are not handled correctly, signatures from previous or pending transactions can be replayed by an attacker; the replayed signature passes the validation checks and the malicious transaction is executed.
Without a nonce, an attacker can reuse a captured signature any number of times to submit fraudulent transactions.
A nonce is a 'number used once', a unique identifier bound to each signed action, and it is integral to the security of the scheme. Without it, someone like Bob can repeatedly replay a signature captured from Alice to perform fraudulent actions on her behalf.
To mitigate this, include the nonce in the signed message and keep a mapping that tracks each signer's last used nonce, advancing it whenever a signature is consumed:
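The following contract is an added illustration of the mitigation, not the audited project's code: the function name, parameters and ranking state are assumed, and the domain separator is simplified relative to full EIP-712.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration (not the audited project's code): a by-signature entry
/// point that binds each signature to the signer's current nonce, to this
/// contract and chain, and to a deadline, so a captured signature cannot be
/// replayed. The ranking state below is a hypothetical stand-in.
contract NonceProtectedSig {
    mapping(address => uint256[]) public ranking;

    // Last used nonce per signer. A valid signature must commit to
    // nonces[signer]; the counter advances once the signature is consumed.
    mapping(address => uint256) public nonces;

    bytes32 private constant RANK_TYPEHASH = keccak256(
        "RankCandidates(address signer,uint256[] candidates,uint256 nonce,uint256 deadline)"
    );

    function rankCandidatesBySig(
        address signer,
        uint256[] calldata candidates,
        uint256 deadline,
        uint8 v, bytes32 r, bytes32 s
    ) external {
        require(block.timestamp <= deadline, "signature expired");

        uint256 nonce = nonces[signer];
        bytes32 structHash = keccak256(abi.encode(
            RANK_TYPEHASH, signer, keccak256(abi.encodePacked(candidates)), nonce, deadline
        ));
        // Simplified domain separation (assumption: a production contract would
        // hash the full EIP-712 domain). Chain id and contract address prevent
        // the same payload being replayed on another chain or contract.
        bytes32 digest = keccak256(abi.encodePacked(
            "\x19\x01",
            keccak256(abi.encode(block.chainid, address(this))),
            structHash
        ));

        address recovered = ecrecover(digest, v, r, s);
        require(recovered != address(0) && recovered == signer, "invalid signature");

        // Consume the nonce before applying the action: a second submission of
        // the same signature now hashes against nonce + 1 and fails to recover.
        nonces[signer] = nonce + 1;
        ranking[signer] = candidates;
    }
}
```

Clients read `nonces(signer)` before signing so that the value they commit to matches the contract's expectation; a signature malleated into its alternative `s` value still fails after the first use because the nonce has moved on.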