The BaseOpenfortAccount::revokeSessionKey function will improperly revoke a session key, as any whitelisted entries will remain within it. As such, if it is ever reconfigured, previously whitelisted addresses will still have access to it.
Impact:
A revoked session key that is re-configured will retain previously whitelisted entries, which is incorrect.
Example:
```solidity
/**
 * Register a session key to the account
 * @param _key session key to register
 * @param _validAfter - this session key is valid only after this timestamp.
 * @param _validUntil - this session key is valid only up to this timestamp.
 * @param _limit - limit of uses remaining.
 * @param _whitelist - this session key can only interact with the addresses in the _whitelist.
 */
function registerSessionKey(
    address _key,
    uint48 _validAfter,
    uint48 _validUntil,
    uint48 _limit,
    address[] calldata _whitelist
) external virtual {
    _requireFromOwner();
    require(_validUntil > block.timestamp, "Cannot register an expired session key");
    require(_validAfter < _validUntil, "_validAfter must be lower than _validUntil");
    require(sessionKeys[_key].validUntil == 0, "SessionKey already registered");
    require(_whitelist.length < 11, "Whitelist too big");
    uint256 i;
    for (i; i < _whitelist.length;) {
        sessionKeys[_key].whitelist[_whitelist[i]] = true;
        unchecked {
            ++i;
        }
    }
    if (i != 0) {
        // If there is some whitelisting, it is not a masterSessionKey
        sessionKeys[_key].whitelisting = true;
        sessionKeys[_key].masterSessionKey = false;
    } else {
        // If there is some limit, it is not a masterSessionKey
        if (_limit == ((2 ** 48) - 1)) {
            sessionKeys[_key].masterSessionKey = true;
        } else {
            sessionKeys[_key].masterSessionKey = false;
        }
    }
    sessionKeys[_key].validAfter = _validAfter;
    sessionKeys[_key].validUntil = _validUntil;
    sessionKeys[_key].limit = _limit;
    sessionKeys[_key].registrarAddress = owner();
    emit SessionKeyRegistered(_key);
}

/**
 * Revoke a session key from the account
 * @param _key session key to revoke
 */
function revokeSessionKey(address _key) external virtual {
    _requireFromOwner();
    if (sessionKeys[_key].validUntil != 0) {
        sessionKeys[_key].validUntil = 0;
        sessionKeys[_key].limit = 0;
        sessionKeys[_key].masterSessionKey = false;
        sessionKeys[_key].registrarAddress = address(0);
        emit SessionKeyRevoked(_key);
    }
}
```
Recommendation:
We advise the code to erase the whitelist as well, potentially by maintaining a whitelist nonce that is incremented each time the key has been revoked so as to permit fresh mapping declarations to be used each time.
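One way the whitelist-nonce approach from the recommendation could look, as an added sketch that is not part of the original issue and is not Openfort's code. The contract name, the `whitelistNonce` field and the `isWhitelisted` helper are assumptions; `_validAfter`, the `masterSessionKey` logic and events are left out to isolate the whitelist handling.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;
// Added illustration with hypothetical names; the owner check is left abstract,
// mirroring the _requireFromOwner() call in the snippet above.
abstract contract SessionKeyWhitelistNonce {
    struct SessionKey {
        uint48 validUntil;
        uint48 limit;
        bool whitelisting;
        uint256 whitelistNonce; // incremented on every revocation
        // nonce => target => allowed; only the current nonce's mapping is ever read
        mapping(uint256 => mapping(address => bool)) whitelist;
    }

    mapping(address => SessionKey) internal sessionKeys;

    function _requireFromOwner() internal view virtual;

    function registerSessionKey(address _key, uint48 _validUntil, uint48 _limit, address[] calldata _whitelist)
        external virtual
    {
        _requireFromOwner();
        SessionKey storage sk = sessionKeys[_key];
        require(_validUntil > block.timestamp, "Cannot register an expired session key");
        require(sk.validUntil == 0, "SessionKey already registered");
        require(_whitelist.length < 11, "Whitelist too big");
        uint256 nonce = sk.whitelistNonce;
        for (uint256 i; i < _whitelist.length; ++i) {
            sk.whitelist[nonce][_whitelist[i]] = true; // written under the current nonce only
        }
        sk.whitelisting = _whitelist.length != 0;
        sk.validUntil = _validUntil;
        sk.limit = _limit;
    }

    function revokeSessionKey(address _key) external virtual {
        _requireFromOwner();
        SessionKey storage sk = sessionKeys[_key];
        if (sk.validUntil != 0) {
            sk.validUntil = 0;
            sk.limit = 0;
            sk.whitelisting = false;
            // Old entries stay in storage but are unreachable once the nonce moves on.
            ++sk.whitelistNonce;
        }
    }

    // Every whitelist check must go through the current nonce.
    function isWhitelisted(address _key, address _target) public view returns (bool) {
        return sessionKeys[_key].whitelist[sessionKeys[_key].whitelistNonce][_target];
    }
}
```

Bumping the nonce invalidates all prior entries in constant gas, where deleting them individually would require the contract to track every whitelisted address per key.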
BOA-04M: Improper Revocation of Session Key