Liquid Staking

Stakelink
DeFi, Hardhat, Oracle
50,000 USDC
Submission Details
Severity: low
Valid

Cross-functional merkle tree replay attack

Summary

In the PriorityPool contract, three functions (withdraw, unqueueTokens, and claimLSDTokens) compute the merkle tree leaf with the same hashing, which allows a replay attack.

Vulnerability Details

Each of the three functions mentioned above performs a merkle proof verification in which the leaf node is calculated as follows:

bytes32 node = keccak256(
    bytes.concat(keccak256(abi.encode(account, _amount, _sharesAmount)))
);

Since the logic is the same across the three functions, a malicious attacker can deposit and then request a withdrawal from the PriorityPool, for which the attacker will hold a correct merkle proof. The attacker then submits this one merkle proof to all three functions, and as a result receives 3X the deposit amount, which drains the pool.

Impact

  • Attacker draining assets from PriorityPool

Tools Used

Manual Review

Recommendations

Each function should incorporate a unique hash into the leaf computation so that nodes are distinguishable between functions, which prevents the replay attack.
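The following is an added model of the issue described under Vulnerability Details and of the recommended fix; it is illustration code written for this page, not code from the Stakelink contracts. It assumes sha256 as a stand-in for keccak256 (the replay argument does not depend on the hash function), a toy byte encoding in place of abi.encode, and OpenZeppelin-style sorted-pair hashing for the tree. It builds one tree over constructed entries, then counts how many of the three functions accept a single proof when leaves are unscoped versus when each leaf is bound to the function that may consume it.

```python
"""Unscoped vs function-scoped merkle leaves (added example, not project code)."""
import hashlib
from typing import List, Tuple

FUNCTIONS = ("withdraw", "unqueueTokens", "claimLSDTokens")
Entry = Tuple[str, int, int]  # (account, amount, sharesAmount)

# Constructed sample entries; not real PriorityPool data.
ENTRIES: List[Entry] = [("alice", 100, 95), ("bob", 40, 38), ("carol", 7, 7)]


def h(data: bytes) -> bytes:
    # Assumption: sha256 stands in for keccak256 so the example runs offline.
    return hashlib.sha256(data).digest()


def encode(account: str, amount: int, shares: int) -> bytes:
    # Toy stand-in for abi.encode(account, _amount, _sharesAmount).
    return account.encode() + amount.to_bytes(32, "big") + shares.to_bytes(32, "big")


def leaf_unscoped(account: str, amount: int, shares: int) -> bytes:
    # Mirrors the report: keccak256(bytes.concat(keccak256(abi.encode(...)))).
    return h(h(encode(account, amount, shares)))


def leaf_scoped(fn: str, account: str, amount: int, shares: int) -> bytes:
    # Mitigation: prefix the encoded data with a per-function tag before hashing,
    # so a leaf proven for one function does not match the leaf another recomputes.
    return h(h(fn.encode() + encode(account, amount, shares)))


def _pair(a: bytes, b: bytes) -> bytes:
    # Sorted-pair hashing, as in OpenZeppelin's MerkleProof.
    return h(a + b) if a <= b else h(b + a)


def _next_level(level: List[bytes]) -> List[bytes]:
    if len(level) % 2:
        level = level + [level[-1]]  # duplicate last node on odd levels
    return [_pair(level[i], level[i + 1]) for i in range(0, len(level), 2)]


def merkle_root(leaves: List[bytes]) -> bytes:
    level = list(leaves)
    while len(level) > 1:
        level = _next_level(level)
    return level[0]


def merkle_proof(leaves: List[bytes], index: int) -> List[bytes]:
    proof, level = [], list(leaves)
    while len(level) > 1:
        if len(level) % 2:
            level = level + [level[-1]]
        proof.append(level[index ^ 1])  # sibling of the current node
        level = _next_level(level)
        index //= 2
    return proof


def verify(root: bytes, leaf: bytes, proof: List[bytes]) -> bool:
    node = leaf
    for sibling in proof:
        node = _pair(node, sibling)
    return node == root


def replay_count_unscoped(entries: List[Entry], index: int) -> int:
    """Number of functions that accept one proof when all three hash the leaf identically."""
    leaves = [leaf_unscoped(*e) for e in entries]
    root, proof = merkle_root(leaves), merkle_proof(leaves, index)
    # Every function recomputes the identical leaf, so every check passes.
    return sum(verify(root, leaf_unscoped(*entries[index]), proof) for _ in FUNCTIONS)


def replay_count_scoped(entries: List[Entry], issued_for: str, index: int) -> int:
    """Number of functions that accept a proof issued for `issued_for` with scoped leaves."""
    # The tree holds leaves for every function; the proof targets one of them.
    leaves = [leaf_scoped(fn, *e) for fn in FUNCTIONS for e in entries]
    target = FUNCTIONS.index(issued_for) * len(entries) + index
    root, proof = merkle_root(leaves), merkle_proof(leaves, target)
    account, amount, shares = entries[index]
    # Each function recomputes the leaf with its own tag; only the issuing one matches.
    return sum(verify(root, leaf_scoped(fn, account, amount, shares), proof) for fn in FUNCTIONS)


if __name__ == "__main__":
    print("unscoped leaves, functions accepting one proof:", replay_count_unscoped(ENTRIES, 0))
    print("scoped leaves,   functions accepting one proof:", replay_count_scoped(ENTRIES, "withdraw", 0))
```

With unscoped leaves the count is 3, matching the 3X drain described above; with scoped leaves it is 1. The same tag must be mixed in by whatever off-chain code builds the tree, otherwise no proof will verify at all, which is the safe failure direction.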

Updates

Lead Judging Commences

inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Same merkle proof used for `claimLSDTokens` as well as `unqueueTokens`

It does concern different variables. But using the same merkle inside 3 different functions is not a good practice. Nonces, separators and safety.
