Steep Rose Rattlesnake
Medium
The `VerifierBase.verifyCommon()` method can be called by anyone, and the caller specifies `common.account` and `common.nonce` at will.
After the method executes, `nonces[common.account][common.nonce]` is set to `true`.
This causes subsequent signing of normal transactions to fail.
The `verifyCommon()` method can be called by anyone, and the caller can specify any `common.account` and `common.nonce`.
The method sets `nonces[common.account][common.nonce]` to `true`.
This causes subsequent transactions that are signed normally to fail to execute properly.
No response
No response
- A normal user submits any transaction that requires a signature, with `common.account = 0x123, common.nonce=1`.
- Alice maliciously front-runs it and executes `verifyCommon()` with:
  - `common.domain = alice`
  - `common.signer = alice`
  - `common.account = 0x123`
  - `common.nonce=1`
  - afterwards, `nonces[0x123][1]=true`
- When the transaction from step 1 executes, it fails with `VerifierInvalidNonceError`.
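The state change behind this attack path can be replayed in a small model. This is an added example, not code from the report or the project: signatures are reduced to "who signed", the `market` address and the `whitelist` parameter are constructed, and the model assumes the signature is checked against `common.signer` only. Passing a whitelist models the mitigation the report suggests.

```python
# Simplified model of the validateAndCancel checks quoted in this report.
# Not the project's code; the group and signature-length checks are omitted.
from contextlib import suppress
from dataclasses import dataclass

class VerifierError(Exception):
    pass

@dataclass(frozen=True)
class Common:
    account: str
    signer: str
    domain: str
    nonce: int
    expiry: int

class VerifierModel:
    def __init__(self, whitelist=None):
        self.nonces = set()         # (account, nonce) pairs already cancelled
        self.whitelist = whitelist  # None models the unpatched verifier

    def verify_common(self, sender, common, signed_by, now=0):
        if self.whitelist is not None and common.domain not in self.whitelist:
            raise VerifierError("VerifierInvalidDomainError")
        if common.domain != sender:
            raise VerifierError("VerifierInvalidDomainError")
        if (common.account, common.nonce) in self.nonces:
            raise VerifierError("VerifierInvalidNonceError")
        if now >= common.expiry:
            raise VerifierError("VerifierInvalidExpiryError")
        # Modelled assumption: the signature is tied to common.signer only.
        if signed_by != common.signer:
            raise VerifierError("VerifierInvalidSignatureError")
        # The nonce is keyed by common.account, which the caller chose freely.
        self.nonces.add((common.account, common.nonce))

def replay_attack_path(whitelist=None):
    """Return the error the user's transaction hits, or None if it succeeds."""
    v = VerifierModel(whitelist)
    user_tx = Common("0x123", "0x123", "market", nonce=1, expiry=100)
    front_run = Common("0x123", "alice", "alice", nonce=1, expiry=100)
    with suppress(VerifierError):  # a rejected call changes no state
        v.verify_common("alice", front_run, signed_by="alice")
    try:
        v.verify_common("market", user_tx, signed_by="0x123")
    except VerifierError as err:
        return str(err)
    return None
```

`replay_attack_path()` returns `VerifierInvalidNonceError` for the user's transaction, while `replay_attack_path({"market"})` returns `None` because the front-run call is rejected before the nonce is touched.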
Signatures are used in multiple places in the current protocol, such as `market.sol`/`Controller_Incentivized.sol`/`Manager.sol`.
Some of these, such as `cancelOrderWithSignature()`, are time-sensitive; if they are DoS'd, the user may be unable to cancel the order, which will result in a loss to the user.
No response
Suggest adding a whitelisting mechanism to `VerifierBase` so that only a whitelisted `common.domain` is accepted:
modifier validateAndCancel(Common calldata common, bytes calldata signature) {
+ if(!isWhitelist(common.domain)) revert VerifierInvalidDomainError();
if (common.domain != msg.sender) revert VerifierInvalidDomainError();
if (signature.length != 65) revert VerifierInvalidSignatureError();
if (nonces[common.account][common.nonce]) revert VerifierInvalidNonceError();
if (groups[common.account][common.group]) revert VerifierInvalidGroupError();
if (block.timestamp >= common.expiry) revert VerifierInvalidExpiryError();
_cancelNonce(common.account, common.nonce);
_;
}
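Review bot: the added `isWhitelist(common.domain)` check on the first line of the modifier reverts with `VerifierInvalidDomainError`, the same error as the `common.domain != msg.sender` check directly below it, so callers and monitoring cannot tell a non-whitelisted domain from a domain/sender mismatch; a distinct error would make the two cases separable. `isWhitelist` is also not defined in the lines shown, so the patch should include its declaration and document who may add or remove domains, since every contract that calls the verifier has to be on the list before its signed flows work.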