Project

One World
NFT, DeFi
15,000 USDC
Submission Details
Severity: medium
Invalid

Missing ECDSA Signature Validation

Github

  • https://github.com/Cyfrin/2024-11-one-world/blob/1e872c7ab393c380010a507398d4b4caca1ae32b/contracts/meta-transaction/NativeMetaTransaction.sol#L90

Summary

The verify function in the NativeMetaTransaction contract lacks proper validation of the ECDSA signature recovery parameter (v). This omission could lead to signature malleability issues and potential replay attacks, as the function accepts any value for the recovery parameter without enforcing the standard Ethereum signature requirements.

Vulnerability Details

In the current implementation, the verify function passes the signature parameters directly to ecrecover without validating the v parameter:

    function verify(
        address signer,
        MetaTransaction memory metaTx,
        bytes32 sigR,
        bytes32 sigS,
        uint8 sigV
    ) internal view returns (bool) {
        require(signer != address(0), "NativeMetaTransaction: INVALID_SIGNER");
        return
            signer ==
            ecrecover(
                toTypedMessageHash(hashMetaTransaction(metaTx)),
                sigV,
                sigR,
                sigS
            );
    }

The vulnerability stems from incomplete signature validation in the verify function. While the function checks for a non-zero address signer, it overlooks the crucial validation of the v parameter. According to Ethereum's ECDSA implementation, valid v values must be either 27 or 28 for standard signatures, or follow the EIP-155 format of chainId * 2 + 35 or chainId * 2 + 36 when chain ID protection is implemented. The current implementation bypasses these checks, allowing potentially malformed signatures to be processed.

Impact

The lack of signature validation creates serious security implications for the meta-transaction system. Without proper v parameter validation, attackers could potentially manipulate signatures while keeping them functionally valid, enabling signature malleability attacks. This vulnerability also wastes gas by allowing ecrecover calls with invalid parameters, and most critically, reduces the overall security guarantees of the signature verification system. In a meta-transaction context, where signatures authorize actions on behalf of users, such weaknesses in signature validation could lead to unauthorized transactions or replay attacks.

Tools Used

Manual Review

Recommendations

The solution requires validating the signature recovery parameter before processing the signature. The following code sketches how that could look:

    function verify(
        address signer,
        MetaTransaction memory metaTx,
        bytes32 sigR,
        bytes32 sigS,
        uint8 sigV
    ) internal view returns (bool) {
        require(signer != address(0), "NativeMetaTransaction: INVALID_SIGNER");
        // EIP-155 signature validation
        uint256 chainId = block.chainid;
        if (chainId != 0) {
            require(
                sigV == uint8(chainId * 2 + 35) ||
                sigV == uint8(chainId * 2 + 36),
                "NativeMetaTransaction: INVALID_SIGNATURE_V"
            );
        } else {
            // Standard signature validation
            require(
                sigV == 27 || sigV == 28,
                "NativeMetaTransaction: INVALID_SIGNATURE_V"
            );
        }
        return
            signer ==
            ecrecover(
                toTypedMessageHash(hashMetaTransaction(metaTx)),
                sigV,
                sigR,
                sigS
            );
    }

Updates

Lead Judging Commences

0xbrivan2 Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
