Project

One World

NFTDeFi

15,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

Replay Attack Vulnerability

hackz

Summary

The NativeMetaTransaction contract is vulnerable to replay attacks across different contracts or chains due to the lack of unique identifiers for each contract or chain within the hashMetaTransaction calculation.

Finding Description

The replay attack vulnerability arises because the contract does not include a unique identifier, such as chainId or the contract's address, in the meta-transaction hash calculation. Without these identifiers, a meta-transaction executed on one chain or contract can be replayed on other compatible chains or contracts, assuming they use the same MetaTransaction structure and hashMetaTransaction function.

This vulnerability breaks the guarantee of transaction uniqueness, as a malicious user could reuse a single meta-transaction across various compatible deployments. For example, if MetaTransaction data is identical between two chains or contracts, the transaction could be re-executed on a different chain or contract than originally intended.

Vulnerability Details

The vulnerable function in the contract is hashMetaTransaction, which currently only includes the nonce, from address, and functionSignature. Without additional unique identifiers, this hash is not tied specifically to the contract or chain it was created for, allowing for unintended reuse across deployments.

Impact

This vulnerability has a high impact because it can compromise the security of the contract by enabling unauthorized replay of transactions on multiple chains or contract instances. This could lead to double-spending issues or other unintended outcomes, affecting both the integrity of the application and user funds.

Proof of Concept

Consider the following scenario:

A user signs a meta-transaction on Chain A using the NativeMetaTransaction contract instance.
Without a unique identifier, this signed transaction can be reused by a malicious actor on Chain B, where an identical contract instance is deployed.

This is possible because the hashMetaTransaction function generates the same hash on both chains, as it lacks any chain-specific information.

Recommendations

To prevent replay attacks, include chainId or the contract's address in the hashMetaTransaction function. This addition will make the hash calculation unique to the chain or contract instance, preventing the transaction from being reused elsewhere.

Code Fix

Add chainId and/or address(this) to hashMetaTransaction as shown below:

function hashMetaTransaction(MetaTransaction memory metaTx)

public

view

returns (bytes32)

{

return

keccak256(

abi.encode(

META_TRANSACTION_TYPEHASH,

metaTx.nonce,

metaTx.from,

keccak256(metaTx.functionSignature),

block.chainid, // Adds chain ID to the hash

address(this) // Adds contract address to the hash

)

);

}

This modification will ensure that the hash is unique to both the contract and the chain, effectively mitigating replay attacks.

File Location

NativeMetaTransaction.sol

Updates

Lead Judging Commences

0xbrivan2 Lead Judge 8 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

541

28 USDC / LOC

High Medium

14,000 USDC

Low

1,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.