berndartmueller - The time-dependent signature check is not safe #42
Comments
Yes, yes, the signature could be reused and it is OK. The allowance checks current allowance in any case.

As validation attempts are made in the

This should be invalid. There is no real risk of reusing the signature. To be honest, I find the current system is being too paranoid and strict with the allowance (requiring a recent approval with a correct amount), which is not necessary and does not make it safer. If there is a bug that allows an attacker to use other users' allowance, they can still do so; they just need to wait for some time and exploit the user right after they approved and before they consume the allowance. In short, such a restriction is not very useful, at least not impactful enough to be considered a medium. I would even encourage you to remove it for the sake of simplicity.
berndartmueller (medium): The time-dependent signature check is not safe
Summary

The HardenedTopupProxy.CardTopupTrusted function is called by a trusted off-chain executor and uses a time-dependent signature check. This is unsafe as the signature can be (accidentally) reused within the allowed allowanceSignatureTimespan timespan.

Vulnerability Detail
The HardenedTopupProxy.CardTopupTrusted function is called by a trusted off-chain executor and uses a time-dependent signature check by incorporating a timestamp _timestamp in the signed signature. To prevent replay attacks, the _timestamp is checked to be within the allowed allowanceSignatureTimespan timespan. However, it is in the possible realm of the off-chain trusted executor to retry the call (due to various reasons) with the same parameters (given that the token spending allowance is set as well, or the allowance is already set high enough to cover multiple topups with the same amount, as long as allowanceTreshold is set accordingly).

Impact
The trusted off-chain executor can use the same signature multiple times within the allowed allowanceSignatureTimespan timespan. This can lead to repeated top-ups for the receiver _receiverHash.

Code Snippet
HardenedTopupProxy.sol#L1041
Tool Used
Manual Review
Recommendation
Consider using a nonce to prevent replay attacks. This can be done by adding a nonce to the signed message instead of the timestamp _timestamp. The nonce can be stored and incremented on every CardTopupTrusted function call. This way the same signature can not be used twice.
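The two verification strategies discussed in this issue, modelled side by side as an added example; this is not code from the issue, the HardenedTopupProxy contract, or the project. It stands in an HMAC-SHA256 tag for the on-chain ECDSA signature (the replay property does not depend on the signature algorithm), uses a constructed executor key and receiver hash, and treats ALLOWANCE_SIGNATURE_TIMESPAN as a placeholder for the contract's allowanceSignatureTimespan. The time-window verifier accepts an executor retry with identical parameters inside the window; the nonce verifier consumes the nonce on the first call and rejects the retry.

```python
import hmac
import hashlib
import time

# Constructed stand-in for the trusted executor's signing key. On-chain the
# signature would be ECDSA over the message hash; HMAC-SHA256 keeps this
# model self-contained and offline.
EXECUTOR_KEY = b"constructed-executor-key"

# Placeholder for the contract's allowanceSignatureTimespan (seconds).
ALLOWANCE_SIGNATURE_TIMESPAN = 600


def _message(receiver_hash: str, amount: int, tag: int) -> bytes:
    """Canonical encoding of the signed fields. `tag` is the _timestamp in the
    time-window scheme and the nonce in the nonce scheme."""
    return f"{receiver_hash}|{amount}|{tag}".encode()


def sign(receiver_hash: str, amount: int, tag: int) -> str:
    """Executor-side signing (HMAC stand-in for ECDSA)."""
    return hmac.new(EXECUTOR_KEY, _message(receiver_hash, amount, tag),
                    hashlib.sha256).hexdigest()


def _valid_signature(receiver_hash: str, amount: int, tag: int, signature: str) -> bool:
    expected = sign(receiver_hash, amount, tag)
    return hmac.compare_digest(expected, signature)


class TimeWindowTopup:
    """Models the check described in the issue: the signature covers a
    timestamp and is accepted whenever that timestamp is still inside the
    window. Nothing records that a given signature was already consumed."""

    def __init__(self, now=time.time):
        self.now = now
        self.topups = []  # (receiver_hash, amount) successfully applied

    def card_topup_trusted(self, receiver_hash, amount, timestamp, signature) -> bool:
        current = self.now()
        if not (current - ALLOWANCE_SIGNATURE_TIMESPAN <= timestamp <= current):
            return False  # stale or future-dated signature
        if not _valid_signature(receiver_hash, amount, timestamp, signature):
            return False
        self.topups.append((receiver_hash, amount))
        return True


class NonceTopup:
    """Nonce-based variant from the recommendation: the contract keeps a
    counter, the signed message must carry its current value, and a
    successful call increments it, so a signature is usable exactly once."""

    def __init__(self):
        self.nonce = 0
        self.topups = []

    def card_topup_trusted(self, receiver_hash, amount, nonce, signature) -> bool:
        if nonce != self.nonce:
            return False  # already consumed, or out of order
        if not _valid_signature(receiver_hash, amount, nonce, signature):
            return False
        self.nonce += 1  # consume the nonce before applying the effect
        self.topups.append((receiver_hash, amount))
        return True


def demo_retry():
    """Executor retries the same call 30 s later against both schemes.
    Returns (time-window topups applied, nonce-scheme topups applied)."""
    receiver = "0xconstructed-receiver-hash"
    amount = 100

    clock = [1_700_000_000]
    tw = TimeWindowTopup(now=lambda: clock[0])
    ts = clock[0]
    sig = sign(receiver, amount, ts)
    tw.card_topup_trusted(receiver, amount, ts, sig)
    clock[0] += 30  # retry with identical parameters, still inside the window
    tw.card_topup_trusted(receiver, amount, ts, sig)

    nt = NonceTopup()
    n = nt.nonce
    sig2 = sign(receiver, amount, n)
    nt.card_topup_trusted(receiver, amount, n, sig2)
    nt.card_topup_trusted(receiver, amount, n, sig2)  # rejected: nonce consumed

    return len(tw.topups), len(nt.topups)


if __name__ == "__main__":
    print(demo_retry())  # (2, 1)
```

The nonce is incremented before the top-up is recorded so that the state change which blocks the replay happens regardless of what the effect does afterwards; in the contract this is the same ordering concern as checks-effects-interactions.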