Skip to content

Latest commit

 

History

History
53 lines (34 loc) · 1.56 KB

018.md

File metadata and controls

53 lines (34 loc) · 1.56 KB
Raw

Proper Champagne Raven

High

Missing signature validation

Summary

In the _countValidSignatures function, anyone can craft valid signatures.

Root Cause

In HatsSignerGate.sol:656-683, in the cases where v=0 and v=1, the contract logic miss some validations.

      if (v == 0) {
        // If v is 0 then it is a contract signature
        // When handling contract signatures the address of the contract is encoded into r
        currentOwner = address(uint160(uint256(r)));
      } else if (v == 1) {
        // If v is 1 then it is an approved hash
        // When handling approved hashes the address of the approver is encoded into r
        currentOwner = address(uint160(uint256(r)));
      }

Anyone can easily send a signature with the r he wants, so with a valid signer who has not signed the dataHash.

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

  1. A valid signer send fake signatures with v=0 or v=1, and r as a valid signer.
  2. The checkTransaction calls the internal _countValidSignatures function.
  3. The function does not revert, count the fake signatures as valid and a malicious transaction is validated.

Impact

Any malicious user can craft valid signatures.

PoC

No response

Mitigation

  1. Add logic for the case where the signer is a smart contract (v=0). Follow the eip-1271.
  2. Add logic for the case v=1 if wanted or revert in this case.