Once a transaction is broadcast, its signature becomes visible to all network participants. If the transaction fails, the signer's nonce is not updated, so the signature stays valid and can be reused by a malicious actor at a later point, when the original message may no longer reflect the signer's intent. Transactions that fail because of conditional checks that can change over time are therefore not safe to execute again later. In the current implementation, if the low-level call fails, the entire transaction reverts, leaving nonces[userAddress] unchanged and increasing the risk of unintended signature reuse in the future.
The outcome depends on what the signed message is intended to do.
Consider the following scenario:
1. Alice signs a message to allow Bob to join a DAO on her behalf.
2. Bob tries to execute the transaction, but it fails because Alice does not have enough currency tokens to pay the membership and protocol fee in joinDAO.
3. The signature is now public and can be executed at any point.
4. At a later point Alice has enough currency tokens to execute the signed message.
5. The attacker replays the MetaTransaction that failed to execute at step 2, and this time it succeeds.
6. Alice's currency tokens are now spent unexpectedly, against her will.
Another scenario where a valid operation may fail at one moment but succeed later is when the WBTC/USDC token is paused. If WBTC/USDC transfers are temporarily paused, any operation involving that token will fail until the pause is lifted, after which the same signature becomes executable again.
Ultimately, the issue applies to every scenario in which an operation is not executed because of an error that may no longer be present at a later point in time.
Signature replay attack, leading to signed operations being executed later, against the signer's will.
Manual review.
Consider updating the nonce even if the low-level call fails, for example by incrementing nonces[userAddress] before making the call and returning or emitting the call's success flag instead of reverting, so that a failed meta-transaction cannot be replayed once the condition that made it fail disappears.
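The following minimal forwarder is an added illustration, not the audited project's code: it places the reverting pattern described in the finding next to the nonce-consuming fix recommended above. The signed message layout, the `target` parameter, the function names and the event are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the audited project's code. The message format, the
// `target` parameter, the function names and the event are assumptions.
contract MetaTxForwarder {
    mapping(address => uint256) public nonces;

    event MetaTransactionExecuted(address indexed user, uint256 indexed nonce, bool success);

    // Binds nonce, signer, target, calldata, chain id and this contract into the
    // digest, so a signature is only valid for exactly this call on this chain.
    function _digest(address user, uint256 nonce, address target, bytes calldata data)
        internal view returns (bytes32)
    {
        bytes32 inner = keccak256(
            abi.encode(nonce, user, target, keccak256(data), block.chainid, address(this))
        );
        return keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", inner));
    }

    function _requireSigned(
        address user, uint256 nonce, address target, bytes calldata data,
        uint8 v, bytes32 r, bytes32 s
    ) internal view {
        // Reject high-s encodings (EIP-2) so one message cannot have two valid signatures.
        require(
            uint256(s) <= 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0,
            "invalid s"
        );
        address signer = ecrecover(_digest(user, nonce, target, data), v, r, s);
        require(signer != address(0) && signer == user, "invalid signature");
    }

    // VULNERABLE: the pattern described in the finding. When the forwarded call
    // fails, the require reverts the whole transaction, so nonces[user] is never
    // advanced and the now-public signature can be resubmitted once the
    // failure condition (missing tokens, paused token, ...) goes away.
    function executeVulnerable(
        address user, address target, bytes calldata data,
        uint8 v, bytes32 r, bytes32 s
    ) external returns (bytes memory) {
        uint256 nonce = nonces[user];
        _requireSigned(user, nonce, target, data, v, r, s);
        (bool ok, bytes memory ret) = target.call(data);
        require(ok, "meta-tx call failed"); // revert undoes everything, including the nonce bump below
        nonces[user] = nonce + 1;           // never reached when the call fails
        emit MetaTransactionExecuted(user, nonce, true);
        return ret;
    }

    // FIXED: consume the nonce before the external call and report failure
    // instead of reverting. The nonce increment is committed whether or not the
    // call succeeds, so each signature can be used at most once; a later retry
    // needs a fresh signature over the next nonce.
    function executeFixed(
        address user, address target, bytes calldata data,
        uint8 v, bytes32 r, bytes32 s
    ) external returns (bool ok, bytes memory ret) {
        uint256 nonce = nonces[user];
        _requireSigned(user, nonce, target, data, v, r, s);
        nonces[user] = nonce + 1;           // state change survives a failed inner call
        (ok, ret) = target.call(data);      // the callee's own state changes are rolled back on failure
        emit MetaTransactionExecuted(user, nonce, ok);
    }
}
```

Two caveats follow from the fix. Because executeFixed no longer reverts on an inner failure, relayers and off-chain tooling must check the returned success flag or the emitted event instead of relying on the transaction status. And because the nonce is consumed even when the inner call fails, the signer has to sign again after a failure; that is the intended behavior, since it is exactly what prevents the stale signature from being executed later.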