President Elector

First Flight #24

Beginner FriendlyFoundry

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Valid

Replay Attack Vulnerability in `rankCandidatesBySig` Function

a1111198

Summary

The rankCandidatesBySig function is vulnerable to replay attacks because it does not incorporate any mechanism to prevent the reuse of signatures across different voting rounds (s_voteNumber) or over time. An attacker can reuse a valid signature to cast multiple votes in the same or future voting rounds, potentially manipulating the election results.

Vulnerability Details

Affected Function: rankCandidatesBySig
Location in Code:

function rankCandidatesBySig(
address[] memory orderedCandidates,
bytes memory signature
) external {
//@audit signature Replay attack during rounds or vote_number like If zero round has passed and then in round 1 same can be casted.
bytes32 structHash = keccak256(abi.encode(TYPEHASH, orderedCandidates));
bytes32 hash = _hashTypedDataV4(structHash);
address signer = ECDSA.recover(hash, signature);
_rankCandidates(orderedCandidates, signer);
}
Issue Explanation:
- Replay Attack: In the current implementation, signatures are valid indefinitely and can be reused across multiple voting rounds because there is no nonce, timestamp, or vote number included in the signed message.
- No Signature Uniqueness: Without incorporating a unique element (like s_voteNumber or a nonce) into the signed data, the same signature can be submitted multiple times or in future voting periods.
- Potential Exploit Scenario: An attacker could intercept a valid signature and reuse it in subsequent rounds to cast votes on behalf of the original signer without their consent.

Impact

Severity: High

Integrity of Voting Process Compromised: Replay attacks can undermine the fairness and integrity of the election by allowing unauthorized or duplicate votes.
Unauthorized Vote Casting: Attackers can manipulate election outcomes by submitting multiple votes using the same signature.
Voter Trust Erosion: Such vulnerabilities can lead to a loss of trust in the system from legitimate voters.

Tools Used

Manual Code Review: Identified the lack of nonce or unique identifiers in the signature verification process.

Recommendations

Include s_voteNumber in the Signed Message:
- Modify the TYPEHASH to include the current s_voteNumber:
  
  bytes32 public constant TYPEHASH = keccak256("rankCandidates(uint256 voteNumber,address[] orderedCandidates)");
- Adjust the rankCandidatesBySig function accordingly:
  
  bytes32 structHash = keccak256(abi.encode(TYPEHASH, s_voteNumber, orderedCandidates));
Implement Nonce Mechanism:
- Introduce a mapping to store nonces for each voter:
  
  mapping(address => uint256) private nonces;
- Include the nonce in the signed message and increment it after each vote:
  
  bytes32 public constant TYPEHASH = keccak256("rankCandidates(uint256 nonce,address[] orderedCandidates)");
  bytes32 structHash = keccak256(abi.encode(TYPEHASH, nonces[signer], orderedCandidates));
  nonces[signer]++;

Updates

Lead Judging Commences

inallhonesty Lead Judge 9 months ago

Submission Judgement Published

Validated

Assigned finding tags:

Replay Attack - The same signature can be used over and over

Rewards breakdown

nSLOC

140

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.