Platform: Code4rena
Start Date: 01/08/2022
Pot Size: $50,000 USDC
Total HM: 26
Participants: 133
Period: 5 days
Judge: Jack the Pug
Total Solo HM: 6
Id: 151
League: ETH
Rank: 48/133
Findings: 1
Award: $94.87
🌟 Selected for report: 0
🚀 Solo Findings: 0
In all places where the signature is required, but msg.sender can be anyone, the same actions can be replayed by re-using the same signature with the same data. This can cause multiple problems, which allows both to corrupt the processes, lock usage or even steal money by malicious actors.
Examples problems:
changeOrder action is used (change subcontractor and/or change task cost), subcontractor can send data + signatures of any of the existing changeOrder to change things back to replayed order. If task cost is increased, then reduced, subcontractor can re-send transaction with higher task cost to increase task cost again.addTasks can be re-played (the same transaction data re-sent multiple times) to add a lot of the same tasks to the projects, which will create problems to builder and render the project unusable (as adding funding might fund wrong tasks, real project cost will be different etc)setComplete can be re-played, and coupled with changeOrder bug this allows to steal money by malicious subcontractor (more details in a separate changeOrder bug report)Copy these to test/Hack.ts and test/utils/hack.ts run: yarn test test/Hack.ts
https://gist.github.com/panprog/e9d5ad24b9bdf4ea6efabad5da385d0b
Consider adding nonce to all signed messages to prevent replaying them.
#0 - horsefacts
2022-08-06T20:52:52Z
I believe 1) and 3) are correct here, but I don't think 2) is possible, as the project's task count will act as an implicit nonce.
#1 - parv3213
2022-08-17T06:54:43Z