Signatures can be replayed in withdraw() to withdraw more tokens than the user originally intended. #60

Open
c4-bot-4 opened this issue Mar 19, 2024 · 6 comments
Labels
3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working edited-by-warden H-05 primary issue Highest quality submission among a set of duplicates 🤖_60_group AI based duplicate group recommendation satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity") sufficient quality report This report is of sufficient quality

Comments


c4-bot-4 commented Mar 19, 2024

Lines of code

https://github.com/code-423n4/2024-03-taiko/blob/f58384f44dbf4c6535264a472322322705133b11/packages/protocol/contracts/team/TimelockTokenPool.sol#L170

Vulnerability details

Impact

Signatures can be replayed in withdraw() to withdraw more tokens than the user originally intended.

Vulnerability Details

In the TimelockTokenPool.sol contract, users can provide a signature to allow someone else to withdraw all their withdrawable tokens on their behalf using their signature. (TimelockTokenPool.sol#L170)

    function withdraw(address _to, bytes memory _sig) external {
        if (_to == address(0)) revert INVALID_PARAM();
        bytes32 hash = keccak256(abi.encodePacked("Withdraw unlocked Taiko token to: ", _to));
 @>     address recipient = ECDSA.recover(hash, _sig);
        _withdraw(recipient, _to);
    }

As seen from above, the signature provided does not include a nonce and this can lead to signature replay attacks. Due to the lack of a nonce, withdraw() can be called multiple times with the same signature. Therefore, if a user provides a signature to withdraw all his withdrawable tokens at one particular time, an attacker can repeatedly call withdraw() with the same signature to withdraw more tokens than the user originally intended.
The vulnerability is similar to Arbitrum H-01, where users' signatures could be replayed to use up more votes than a user intended due to a lack of nonce.

Tools Used

Manual Review

Recommended Mitigation Steps

Consider using a nonce or other signature replay protection in the TimelockTokenPool contract.

Assessed type

Invalid Validation
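
One way to apply the recommended mitigation, as an added example that is neither the TimelockTokenPool code nor the sponsor's fix: a per-signer nonce makes each signature single-use, and the example goes slightly beyond the report by also binding the digest to the chain, the contract and a deadline. The contract name, `withdrawNonces`, `withdrawDigest`, the extra `_recipient` and `_deadline` parameters and the `SIG_EXPIRED` / `INVALID_SIGNER` errors are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import { ECDSA } from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";

// Added illustration only: not the TimelockTokenPool code and not the sponsor's fix.
abstract contract NonceGuardedWithdraw {
    error INVALID_PARAM();
    error SIG_EXPIRED();
    error INVALID_SIGNER();

    // Same message text as the original hash, used here as a domain tag.
    bytes32 private constant WITHDRAW_TAG = keccak256("Withdraw unlocked Taiko token to: ");

    // Assumed storage: next unused nonce for each grant recipient.
    mapping(address => uint256) public withdrawNonces;

    // Stand-in for the pool's internal _withdraw(recipient, _to) shown in the report.
    function _withdraw(address _recipient, address _to) internal virtual;

    // The digest binds the authorization to this chain, this contract, the
    // destination address, exactly one nonce value and an expiry time.
    // abi.encode (not encodePacked) keeps the field boundaries unambiguous.
    function withdrawDigest(address _to, uint256 _nonce, uint256 _deadline)
        public
        view
        returns (bytes32)
    {
        return keccak256(
            abi.encode(WITHDRAW_TAG, block.chainid, address(this), _to, _nonce, _deadline)
        );
    }

    function withdraw(address _recipient, address _to, uint256 _deadline, bytes memory _sig)
        external
    {
        if (_recipient == address(0) || _to == address(0)) revert INVALID_PARAM();
        if (block.timestamp > _deadline) revert SIG_EXPIRED();

        // Read the current nonce and advance it. A second call with the same
        // signature hashes a different nonce, so recovery yields another address.
        uint256 nonce = withdrawNonces[_recipient]++;
        bytes32 hash = withdrawDigest(_to, nonce, _deadline);
        if (ECDSA.recover(hash, _sig) != _recipient) revert INVALID_SIGNER();

        _withdraw(_recipient, _to);
    }
}
```

If signature verification fails, the revert also rolls back the nonce increment, so a bad signature cannot burn a signer's nonce.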

@c4-bot-4 c4-bot-4 added 3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working labels Mar 19, 2024
c4-bot-6 added a commit that referenced this issue Mar 19, 2024
@c4-bot-11 c4-bot-11 added the 🤖_60_group AI based duplicate group recommendation label Mar 27, 2024
@c4-pre-sort c4-pre-sort added the primary issue Highest quality submission among a set of duplicates label Mar 28, 2024
@c4-pre-sort

minhquanym marked the issue as primary issue

@c4-pre-sort

minhquanym marked the issue as sufficient quality report

@minhquanym minhquanym mentioned this issue Mar 30, 2024

dantaik commented Apr 2, 2024

Valid bug report, trying to fix it in this PR: https://github.com/taikoxyz/taiko-mono/pull/16611/files

@c4-sponsor

dantaik (sponsor) confirmed

@c4-sponsor c4-sponsor added the sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity") label Apr 5, 2024

c4-judge commented Apr 9, 2024

0xean marked the issue as satisfactory

@c4-judge c4-judge added the satisfactory satisfies C4 submission criteria; eligible for awards label Apr 9, 2024
@c4-judge

0xean marked the issue as selected for report

@c4-judge c4-judge added the selected for report This submission will be included/highlighted in the audit report label Apr 10, 2024
@C4-Staff C4-Staff added the H-05 label Apr 15, 2024