Signature malleability in QuestFactory.sol #459
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
duplicate-107
satisfactory
satisfies C4 submission criteria; eligible for awards
Lines of code
https://github.com/rabbitholegg/quest-protocol/blob/8c4c1f71221570b14a0479c216583342bd652d8d/contracts/QuestFactory.sol#L219-L229
Vulnerability details
Impact
https://github.com/rabbitholegg/quest-protocol/blob/8c4c1f71221570b14a0479c216583342bd652d8d/contracts/QuestFactory.sol#L219-L229
can be replay attack in another contract
Proof of Concept
here a contract with the function
here test
Tools Used
manual review
Recommended Mitigation Steps
add at the hash the address of contract and chainId
The text was updated successfully, but these errors were encountered: