Skip to content
This repository has been archived by the owner on May 26, 2023. It is now read-only.

Lambda - CardTopupTrusted signatures can be used multiple times / replayed #85

Closed
sherlock-admin opened this issue Oct 28, 2022 · 0 comments
Closed

Lambda - CardTopupTrusted signatures can be used multiple times / replayed #85

sherlock-admin opened this issue Oct 28, 2022 · 0 comments
Labels
Duplicate Medium

Comments

@sherlock-admin
Copy link
Contributor

sherlock-admin commented Oct 28, 2022
edited
Loading

Lambda

medium

CardTopupTrusted signatures can be used multiple times / replayed

Summary

The signatures that are generated by a backend / trusted party do not include a nonce / replay protection and can be used multiple times.

Vulnerability Detail

CardTopupTrusted directly calls recoverSigner on the (formatted) payload and does not include any nonces or other forms of replay protection

Impact

The same signature can be used for multiple approvals. I.e. a signature for 100 USDC can be used 10 times for topping up 1,000 USDC in total.

Code Snippet

https://github.com/sherlock-audit/2022-10-mover/blob/main/cardtopup_contract/contracts/HardenedTopupProxy.sol#L1033

Tool used

Manual Review

Recommendation

Include a nonce.

Duplicate of #42
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Duplicate Medium
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sherlock-admin