Skip to content

087.md

Latest commit

 

History

History
94 lines (65 loc) · 3.17 KB

087.md

File metadata and controls

94 lines (65 loc) · 3.17 KB

Fast Cerulean Armadillo

Medium

Signature Replay Vulnerability in Withdraw Function

Summary

The withdraw function in the contract doesn't have check to prevent used signatures. This allows users to reuse old signatures with a lower excessProfitCumulativeValue, causing incorrect withdrawal calculations and more withdraw amounts

Root Cause

The _verify function does not track or invalidate previously used signatures. This allows users to use old signatures with lower excessProfitCumulativeValue value.

    function withdraw(
        uint64 index,
        uint256 excessProfitCumulativeValue,
        uint256 nonce,
        bytes memory signature
    ) external payable nonReentrant whenNotPaused(IMultiSign.Functions(5)) {
        if (!_verify(FunctionName.CDS_WITHDRAW, excessProfitCumulativeValue, nonce, "0x", signature)) revert CDS_NotAnAdminTwo();
///
}

 function _verify(
        FunctionName functionName,
        uint256 excessProfitCumulativeValue,
        uint256 nonce,
        bytes memory odosExecutionData,
        bytes memory signature
    ) private view returns (bool) {
        bytes32 digest;
        if (functionName == FunctionName.CDS_WITHDRAW) {
            digest = _hashTypedDataV4(
///

      address signer = ECDSA.recover(digest, signature);
        bytes32 hashedSigner = keccak256(abi.encodePacked(signer));
        if (hashedSigner == hashedAdminTwo) {
            return true;
        } else {
            return false;
        }

https://github.com/sherlock-audit/2024-11-autonomint/blob/0d324e04d4c0ca306e1ae4d4c65f0cb9d681751b/Blockchain/Blockchian/contracts/Core_logic/CDS.sol#L279C1-L285C130

excessProfitCumulativeValue is used to calculate return value of withdraw. If users use old signature with lower value, they can get higher amount than expected.

                if (cumulativeValueAtDeposit > cumulativeValueAtWithdraw) {
                    // Its loss since cumulative val is low
                    uint256 loss = (depositedAmount * valDiff) / 1e11;
                    return (depositedAmount - loss);
                } else {
                    // Its gain since cumulative val is high
                    uint256 profit = (depositedAmount * (valDiff - excessProfitCumulativeValue)) / 1e11;
                    return (depositedAmount + profit);
                }

https://github.com/sherlock-audit/2024-11-autonomint/blob/0d324e04d4c0ca306e1ae4d4c65f0cb9d681751b/Blockchain/Blockchian/contracts/Core_logic/CDS.sol#L472

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

  1. A legitimate signature is generated with a certain excessProfitCumulativeValue and nonce.
  2. The protocol updates the excessProfitCumulativeValue and generates a new signature
  3. A malicious user submits the old signature, bypassing the updated value.
  4. In the cdsAmountToReturn function, this outdated value causes incorrect withdrawal amounts to be calculated, leading to more profit extraction.

Impact

Users can withdraw more funds than they are entitled to

PoC

No response

Mitigation

Add a mapping to track used nonces and mark them as consumed after successful verification.