Platform: Code4rena
Start Date: 15/10/2021
Pot Size: $35,000 USDC
Total HM: 4
Participants: 10
Period: 4 days
Judge: GalloDaSballo
Total Solo HM: 2
Id: 38
League: ETH
Rank: 2/10
Findings: 3
Award: $11,270.54
π Selected for report: 3
π Solo Findings: 1
π Selected for report: gpersoon
7687.9271 USDC - $7,687.93
gpersoon
Suppose one of the supplied addrs[i] to the constructor of Identity.sol happens to be 0 ( by accident).
In that case: privileges[0] = 1
Now suppose you call execute() with an invalid signature, then recoverAddrImpl will return a value of 0 and thus signer=0. If you then check "privileges[signer] !=0" this will be true and anyone can perform any transaction.
This is clearly an unwanted situation.
In the constructor of Identity.sol, add in the for loop the following: require (addrs[i] !=0,"Zero not allowed");
#0 - Ivshti
2021-10-19T15:32:34Z
duplicate of #2
#1 - Ivshti
2021-10-19T16:28:50Z
#2 - GalloDaSballo
2021-10-20T22:35:56Z
This seems to be the risk of having erecover returning zero, any invalid signature ends up being usable from any address to execute arbitrary logic.
Mitigation can be achieved by either reverting when about to return address(0), which the sponsor has used for mitigation
The other mitigation is to ensure that an account with address(0) cannot have privileges set to 1
I believe mitigation from sponsor to be sufficient, however I'd recommend adding a check against having address(0) in the constructor for Identity.sol just to be sure
#3 - Ivshti
2021-10-21T05:43:36Z
@GalloDeSballo an extra check is superfluous IMO, not only cause the revert on 0 in SIgnatureValidatorV2 guarantees that this is fixed, but also because it has to be in three places: constructor, setAddrPrivilege and the account creation system in js/IdentityProxyDeploy which rolls out bytecode that sstores privileges directly
3459.5672 USDC - $3,459.57
gpersoon
The function cancel() of contract QuickAccManager uses the wrong way to calculate the hash that has to be cancelled. It uses: "bytes32 hashTx = keccak256(abi.encode(address(this), block.chainid, accHash, nonce, txns));"
Where it should use "bytes32 hash = keccak256(abi.encode(address(this), block.chainid, accHash, nonce, txns, false));", the same as send() and execScheduled() are using.
The result of this is that the transactions cannot be cancelled.
In function cancel(): replace bytes32 hashTx = keccak256(abi.encode(address(this), block.chainid, accHash, nonce, txns)); with bytes32 hashTx = keccak256(abi.encode(address(this), block.chainid, accHash, nonce, txns, false));
#0 - Ivshti
2021-10-19T15:15:17Z
duplicate of #1 and resolved
#1 - GalloDaSballo
2021-10-24T23:33:02Z
Duplicate of #1
π Selected for report: gpersoon
61.5157 USDC - $61.52
gpersoon
The increment of the nonce in function execute() of Identity.sol uses a temporary variable.
This is not necessary because the temporary variable isn't used elsewhere. Thus a bit of gas could be saved by using nonce++ Note this is also used in the contract QuickAccManager.sol
Use "nonce++" in the following way: bytes32 hash = keccak256(abi.encode(address(this), block.chainid, nonce++, txns));
#0 - Ivshti
2021-10-19T16:01:34Z
Not sure if we should fix this cause it takes away some of the readability
#1 - Ivshti
2021-10-21T04:48:51Z
Fixed in QuickAccManager, as for Identity - fixing it there would open a reentrancy vulnr. Marking this as resolved
#2 - GalloDaSballo
2021-10-24T22:39:29Z
Agree with the finding, the sponsor has mitigated both findings
The first one (QuickAccManager) directly
The other one (Identity) via a different suggestion
π Selected for report: gpersoon
61.5157 USDC - $61.52
gpersoon
In the function setAddrPrivilege of Identity.sol the value of privileges[addr] is compare to 0 and 1 in the following way: "if (privileges[addr] != bytes32(0) && privileges[addr] != bytes32(uint(1)))"
As 0 and 1 are adjacent, you could also check "uint(privileges[addr]) > 1". This saves a (small amount) of gas.
replace if (privileges[addr] != bytes32(0) && privileges[addr] != bytes32(uint(1))) ... with if (uint(privileges[addr]) > 1) ...
#0 - Ivshti
2021-10-21T16:27:58Z
#1 - GalloDaSballo
2021-10-24T22:40:26Z
Clever way of typecasting the priviliges in to uint to save gas
The sponsor has applied the improvement