This repository has been archived by the owner on May 26, 2023. It is now read-only.
Lambda
medium
CardTopupTrusted signatures can be used multiple times / replayed
Summary
The signatures that are generated by a backend / trusted party do not include a nonce / replay protection and can be used multiple times.
Vulnerability Detail
CardTopupTrusted directly calls recoverSigner on the (formatted) payload and does not include any nonces or other forms of replay protection.
Impact
The same signature can be used for multiple approvals, i.e. a signature approving 100 USDC can be used 10 times, topping up 1,000 USDC in total.
Code Snippet
https://github.com/sherlock-audit/2022-10-mover/blob/main/cardtopup_contract/contracts/HardenedTopupProxy.sol#L1033
Tool used
Manual Review
Recommendation
Include a nonce.
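As an added illustration of the recommendation (not code from the audited repository), a minimal contract in which the trusted signer's payload is bound to a per-account nonce that the contract consumes on use, so a given signature verifies at most once. The contract, function and variable names (TopupWithNonce, topupTrusted, trustedSigner, nonces) are assumptions; it relies on OpenZeppelin 4.x ECDSA.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

import "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";

/// Hypothetical minimal top-up contract showing replay protection via nonces.
/// All names here are assumptions, not the audited project's identifiers.
contract TopupWithNonce {
    using ECDSA for bytes32;

    address public immutable trustedSigner;

    /// Per-account nonce: each signed approval is bound to the next expected value.
    mapping(address => uint256) public nonces;

    event TopUp(address indexed account, uint256 amount, uint256 nonce);

    constructor(address signer) {
        trustedSigner = signer;
    }

    /// The backend signs keccak256(account, amount, nonce, address(this), chainid).
    /// Binding the contract address and chain id additionally prevents the same
    /// approval from being replayed against another deployment or chain.
    function topupTrusted(uint256 amount, bytes calldata signature) external {
        uint256 nonce = nonces[msg.sender];
        bytes32 digest = keccak256(
            abi.encodePacked(msg.sender, amount, nonce, address(this), block.chainid)
        ).toEthSignedMessageHash();

        require(digest.recover(signature) == trustedSigner, "bad signature");

        // Consume the nonce before any further effects so the same signature
        // can never pass verification a second time.
        nonces[msg.sender] = nonce + 1;

        emit TopUp(msg.sender, amount, nonce);
        // ... perform the actual top-up of `amount` here ...
    }
}
```

The backend reads `nonces(account)` before signing; a resubmitted signature fails because the stored nonce has already advanced.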
Duplicate of #42