Signature Replay Attack #61
Labels: 3 (High Risk), bug, duplicate-36, edited-by-warden, satisfactory, sponsor confirmed
Lines of code
https://github.com/code-423n4/2023-01-biconomy/blob/main/scw-contracts/contracts/smart-contract-wallet/SmartAccount.sol#L205
Vulnerability details
Impact
The `execTransaction` function is vulnerable to replay attacks.
The relevant part is the nonce handling. The nonce is incremented without any validation of the caller-supplied `batchId`:
nonces[batchId]++;
The function increments the nonce for whichever `batchId` the caller supplies, with no check on the key itself. If a higher key (`batchId`) is supplied, the resulting nonce is the same as for the original transaction.
Attack vector: a past transaction can be replayed by supplying a higher `batchId` and changing nothing else, since the resulting nonce is the same. An attacker can therefore drain the user's funds by submitting a past transaction multiple times.
A full PoC reproduction is given below.
Proof of Concept
A complete reproducible proof of concept:
Tools Used
Hardhat
Recommended Mitigation Steps
The following list gives two mitigation strategies to avoid this attack:
Remove the `batchId` parameter from the `execTransaction` function and fix the mapping key as follows:
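The following is an added, simplified Python model of the nonce-per-batchId scheme described in the Impact and Mitigation sections above; it is not the SmartAccount contract code or the warden's Hardhat PoC. The owner's signature is modelled as the digest the owner signed (real ECDSA verification does not change the nonce logic), and the `single_nonce` flag models the report's mitigation of dropping `batchId` in favour of one nonce. All addresses and amounts are constructed values.

```python
import hashlib

def digest(to, value, nonce):
    """Digest the owner signs: transaction fields plus nonce, but not batchId (as in the report)."""
    return hashlib.sha256(f"{to}|{value}|{nonce}".encode()).hexdigest()

class Wallet:
    def __init__(self, balance, single_nonce=False):
        self.balance = balance
        self.single_nonce = single_nonce  # mitigation: drop batchId, keep one nonce for the wallet
        self.nonces = {}                  # vulnerable design: nonces[batchId]

    def _key(self, batch_id):
        # With a single nonce every call reads/writes the same slot regardless of batchId
        return 0 if self.single_nonce else batch_id

    def exec_transaction(self, to, value, batch_id, owner_digest):
        """Model of execTransaction: recompute the digest for this batch's current nonce,
        then bump the nonce and pay out. A mismatch returns False, modelling a revert that
        leaves nonces untouched."""
        key = self._key(batch_id)
        nonce = self.nonces.get(key, 0)   # a never-used batchId starts at nonce 0 again
        if digest(to, value, nonce) != owner_digest:
            return False
        self.nonces[key] = nonce + 1      # nonces[batchId]++ with no check on batchId itself
        self.balance -= value
        return True

def replay_rejected(single_nonce):
    """Sign one transfer for batchId 0, submit it, resubmit it under the same batchId, then
    resubmit the identical payload under a higher batchId. Returns (was_replay_rejected, balance)."""
    w = Wallet(balance=100, single_nonce=single_nonce)
    signed = digest("0xrecipient", 10, 0)                        # owner signs once (constructed)
    assert w.exec_transaction("0xrecipient", 10, 0, signed)      # legitimate first execution
    assert not w.exec_transaction("0xrecipient", 10, 0, signed)  # same batch: nonce has moved on
    replayed = w.exec_transaction("0xrecipient", 10, 7, signed)  # higher batchId, nothing else changed
    return (not replayed, w.balance)

if __name__ == "__main__":
    print("per-batch nonces:", replay_rejected(single_nonce=False))  # (False, 80): replay paid out again
    print("single nonce:   ", replay_rejected(single_nonce=True))   # (True, 90): replay rejected
```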