Signatures used in EPProgramManager.sol::updateUserUnits are vulnerable to cross-chain signature replays.
Summary
The suite is going to be deployed on multiple chains. Signatures are used in EPProgramManager.sol::updateUserUnits when updating units of users, but these signatures are not protected against cross-chain signature replays.
Root Cause
Lack of protection against cross-chain signature replays.
Internal pre-conditions
A chain id is not applied in the signature hash yet it's to be deployed on multiple contracts.
External pre-conditions
No response
Attack Path
A user subscribed to a different programme decides to reuse a signed message on a different chain to get more units.
Impact
Unauthorized increase of users' units across chains.
Mitigation
Consider using the chain id in the signature hash.
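The mitigation above, sketched as an added example that is not code from the audited repository or from the report's author: a digest built without a chain id next to an EIP-712 digest that binds `block.chainid` and the verifying contract. The contract name, the `UpdateUnits` fields (`user`, `programId`, `newUnits`, `nonce`) and all function names are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative only: names and signed fields are hypothetical,
// not taken from EPProgramManager.sol.
contract UnitsDigestExample {
    bytes32 private constant DOMAIN_TYPEHASH = keccak256(
        "EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)"
    );
    bytes32 private constant UPDATE_TYPEHASH = keccak256(
        "UpdateUnits(address user,uint256 programId,uint128 newUnits,uint256 nonce)"
    );

    // Weak form: nothing in the digest identifies the chain or the contract,
    // so the same signature verifies on every deployment that trusts the signer.
    function digestWithoutChainId(address user, uint256 programId, uint128 newUnits, uint256 nonce)
        public pure returns (bytes32)
    {
        return keccak256(abi.encodePacked(user, programId, newUnits, nonce));
    }

    // Computed per call so the value follows block.chainid after a chain fork.
    function domainSeparator() public view returns (bytes32) {
        return keccak256(abi.encode(
            DOMAIN_TYPEHASH,
            keccak256(bytes("UnitsDigestExample")),
            keccak256(bytes("1")),
            block.chainid,
            address(this)
        ));
    }

    // Hardened form: the digest differs on every chain and every contract address,
    // so a signature issued for one deployment fails recovery on another.
    function digestWithChainId(address user, uint256 programId, uint128 newUnits, uint256 nonce)
        public view returns (bytes32)
    {
        bytes32 structHash = keccak256(abi.encode(UPDATE_TYPEHASH, user, programId, newUnits, nonce));
        return keccak256(abi.encodePacked("\x19\x01", domainSeparator(), structHash));
    }

    // The recovered address must still be compared with the authorised signer,
    // and the nonce marked as used, by the caller.
    function recoverSigner(bytes32 digest, uint8 v, bytes32 r, bytes32 s) public pure returns (address) {
        address signer = ecrecover(digest, v, r, s);
        require(signer != address(0), "invalid signature");
        return signer;
    }
}
```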
sherlock-admin2 changed the title from "Quaint Ultraviolet Cheetah - Signatures used in EPProgramManager.sol::updateUserUnits are vulnerable to cross-chain signature replays." to "0xlookman - Signatures used in EPProgramManager.sol::updateUserUnits are vulnerable to cross-chain signature replays." on Nov 26, 2024
0xlookman
Medium