Vanguard

First Flight #56
Beginner Friendly, DeFi, Foundry
Submission Details
Impact: medium
Likelihood: medium

Transaction Identity Collision Due to Missing Nonce Domain Separation

Author Revealed upon completion

Root + Impact

Description

  • Each multisig transaction is expected to be uniquely identified so signer confirmations apply only to the intended action.

  • Transaction identity is derived without a nonce or domain separator, allowing distinct transactions with identical parameters to share the same identity and confirmations.

// @> Transaction hash lacks nonce / domain separation
bytes32 txHash = keccak256(abi.encode(target, value, data));

Risk

Likelihood:

  • Occurs when governance submits repeated transactions with identical calldata

  • Common during treasury transfers or repeated administrative actions

Impact:

  • Signer confirmations may unintentionally authorize unintended executions

  • Violates signer intent and multisig safety assumptions

Proof of Concept

submitTransaction(target, 0, data); // Tx A
submitTransaction(target, 0, data); // Tx B
// Both share same hash → confirmations overlap
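
The collision above, reproduced in a minimal contract and contrasted with an identity bound to a per-submission counter. This is an added example, not code from the audited contract: `IdentityDemo`, `weakId`, `boundId`, `confirm`, `demo` and `nextTxId` are hypothetical names, and mixing `block.chainid` and `address(this)` into `boundId` is an assumption that goes beyond the parameters-only hash quoted in the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical minimal model (not the audited contract): only the identity
// derivation and the confirmation bookkeeping are reproduced.
contract IdentityDemo {
    uint256 public nextTxId; // assumed counter, assigned once per submission
    mapping(bytes32 => uint256) public confirmations;
    mapping(bytes32 => mapping(address => bool)) public confirmedBy;

    // Identity as quoted in the finding: derived from the parameters only.
    function weakId(address target, uint256 value, bytes memory data)
        public pure returns (bytes32)
    {
        return keccak256(abi.encode(target, value, data));
    }

    // Identity bound to a unique id, plus this deployment and chain (assumption).
    function boundId(uint256 txId, address target, uint256 value, bytes memory data)
        public view returns (bytes32)
    {
        return keccak256(
            abi.encode(block.chainid, address(this), txId, target, value, data)
        );
    }

    function confirm(bytes32 id) public {
        require(!confirmedBy[id][msg.sender], "already confirmed");
        confirmedBy[id][msg.sender] = true;
        confirmations[id] += 1;
    }

    // Two submissions with identical parameters; the signer confirms only Tx A.
    // Returns how many confirmations Tx B has picked up under each scheme.
    function demo(address target, bytes calldata data)
        external returns (uint256 txBWeak, uint256 txBBound)
    {
        uint256 a = nextTxId++; // Tx A
        uint256 b = nextTxId++; // Tx B, same target / value / data

        confirm(weakId(target, 0, data));                  // approve Tx A
        txBWeak = confirmations[weakId(target, 0, data)];  // Tx B inherits it: 1

        confirm(boundId(a, target, 0, data));                  // approve Tx A
        txBBound = confirmations[boundId(b, target, 0, data)]; // Tx B untouched: 0
    }
}
```

Calling `demo` a second time from the same account with the same arguments reverts with "already confirmed" on the `weakId` path, because the signer's earlier confirmation is still attached to that shared identity.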

Recommended Mitigation

  • Bind transaction identity to a unique nonce or transaction ID.

- remove this code
+ add this code
- keccak256(abi.encode(target, value, data))
+ keccak256(abi.encode(txId, target, value, data))
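
Review bot: the `+` line adds `txId` to the preimage, but nothing in the hunk shows where `txId` comes from. It needs to be assigned by the contract from a monotonically increasing counter at submission time, not supplied by the caller, otherwise two submissions can still end up with the same id and the same hash. The finding's title also names domain separation, yet the new preimage still omits `address(this)` and `block.chainid`; if this hash is ever signed off-chain or compared across deployments, the same (txId, target, value, data) tuple will hash identically elsewhere, so consider `keccak256(abi.encode(block.chainid, address(this), txId, target, value, data))`. The first two lines of the hunk (`- remove this code` / `+ add this code`) read as template placeholders and should be dropped from the report.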
