Platform: Code4rena
Start Date: 23/02/2024
Pot Size: $92,000 USDC
Total HM: 0
Participants: 47
Period: 10 days
Judge: 0xTheC0der
Id: 336
League: ETH
Rank: 16/47
Findings: 1
Award: $694.30
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: CodeWasp
Also found by: 0xdice91, 0xlemon, Aamir, Al-Qa-qa, AlexCzm, BAHOZ, Bauchibred, Breeje, DadeKuma, Fassi_Security, PetarTolev, Shield, SpicyMeatball, Trust, ZanyBonzy, cheatc0d3, gesha17, haxatron, imare, jesjupyter, kutugu, lsaudit, marchev, merlinboii, nnez, osmanozdemir1, peanuts, radev_sw, twicek, visualbits
694.2987 USDC - $694.30
If a user decides that a signature for a UniStaker operation is not to be used anymore there is no implementation that provides this functionality of invalidating a valid signature. Making such signature operation valid forever until a signature transaction is consumed.
If the user decides to rescind a provided signature he/she is unable to do so.
A user signature operation on UniStaker contract can be currently "invalidated" only if consumed in a transaction.
The user creating a signature should be able to invalidate an existing signature by invalidate/increment the user nonce which is used on the signature verification.
In the UniStaker contract there are many methods that use signatures to carry operation in the name of the user which created the specific operation signature:
https://github.com/code-423n4/2024-02-uniswap-foundation/blob/5a2761c8277541a24bc551fbd624413b384bea94/src/UniStaker.sol#L315 https://github.com/code-423n4/2024-02-uniswap-foundation/blob/5a2761c8277541a24bc551fbd624413b384bea94/src/UniStaker.sol#L382 https://github.com/code-423n4/2024-02-uniswap-foundation/blob/5a2761c8277541a24bc551fbd624413b384bea94/src/UniStaker.sol#L423 https://github.com/code-423n4/2024-02-uniswap-foundation/blob/5a2761c8277541a24bc551fbd624413b384bea94/src/UniStaker.sol#L466 https://github.com/code-423n4/2024-02-uniswap-foundation/blob/5a2761c8277541a24bc551fbd624413b384bea94/src/UniStaker.sol#L512 https://github.com/code-423n4/2024-02-uniswap-foundation/blob/5a2761c8277541a24bc551fbd624413b384bea94/src/UniStaker.sol#L544
But there is no implementation that provides the ability for the same user to rescind the signature and decide to block its execution.
Manual review
Add a method to UniStaker.sol contract file where the user can invalidated its nonce and in doing so block all created and not already consumed signatures:
contract UniStaker is INotifiableRewardReceiver, Multicall, EIP712, Nonces { ... + function invalidateNonce() external { + _useNonce(msg.sender); + } ...
Other
#0 - c4-judge
2024-03-07T17:00:26Z
MarioPoneder marked the issue as duplicate of #69
#1 - c4-judge
2024-03-07T23:13:08Z
MarioPoneder marked the issue as duplicate of #206
#2 - c4-judge
2024-03-14T03:36:27Z
MarioPoneder changed the severity to QA (Quality Assurance)
#3 - c4-judge
2024-03-14T13:48:13Z
MarioPoneder marked the issue as grade-b