Skip to content
This repository has been archived by the owner on Feb 12, 2024. It is now read-only.

Replay attack possibility #16

Open
gundas opened this issue Jun 19, 2019 · 2 comments
Open

Replay attack possibility #16

gundas opened this issue Jun 19, 2019 · 2 comments

Comments

@gundas
Copy link

gundas commented Jun 19, 2019

Problem description
If the same address is a signer in multiple WalletSimple contract instances, an operation approval signature intended for one contract can be replayed on another WalletSimple contracts.

Cause
The WalletSimple contract address is not included in the operationHash calculation.

Sugested fix
Add address(this) to the operationHash calculation, e.g.:

var operationHash = sha3("ETHER", address(this), toAddress, value, data, expireTime, sequenceId);
@meisser
Copy link

meisser commented Jun 18, 2020

Came here to report the same. :)

Btw: do you have an idea about the purpose of the "ETHER" string?

@gundas
Copy link
Author

gundas commented Jun 18, 2020

I copied it from the contract code without much thinking:) :
https://github.com/BitGo/eth-multisig-v2/blob/master/contracts/WalletSimple.sol#L130

I think the "ETHER" and "ERC20" strings are added to differentiate between Ether and token signatures. So that Ether transfer signature would not be used for ERC-20 transfer function and vice versa.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@gundas @meisser