Signature Replay attack on re-created smart accounts #472
Comments
gzeon-c4 marked the issue as duplicate of #127
livingrockrises marked the issue as disagree with severity
livingrockrises marked the issue as sponsor disputed
explain delete account and recreated smart account
gzeon-c4 changed the severity to QA (Quality Assurance)
gzeon-c4 marked the issue as grade-b
Sorry for not describing it better and providing a PoC in code; I was running out of time:
I think this is a valid finding of medium severity according to C4's severity criteria
The risk is low because the smart account being self-destructed and later funded with value is very unlikely to happen.
Lines of code
https://github.com/code-423n4/2023-01-biconomy/blob/main/scw-contracts/contracts/smart-contract-wallet/BaseSmartAccount.sol#L12-L18
Vulnerability details
Signature Replay attack on re-created smart accounts
Impact
Users can lose funds, or any other unexpected behaviour that transaction replay attacks usually lead to can occur.
Proof of Concept
Consider the case when someone decides they want to destroy their smart account for some reason. Since the smart contract (account) is created from the factory using the `create2` opcode, users are able to re-deploy their smart contract account at the same address after a self-destruct. The problem is that after a `selfdestruct` operation, all of the smart contract's storage is gone. That means that if the user re-creates their smart contract account, the `nonces` mapping will be empty again. This gives any external malicious account the opportunity to replay transactions that have already been executed, as the contract owner is the same and the nonce counting restarts from 0. Consider the following example:
_owner: address(0xabababababababababababababababababababab)
_entryPoint: address(0xcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd)
_handler: address(0xefefefefefefefefefefefefefefefefefefefef)
_index: 0
NOTE: Although the `domainSeparator` is used to calculate the account transaction hash, this doesn't prevent the signature replay, as the `verifyingContract` (`address(this)`) is the same in both the old smart contract account (the self-destructed one) and the new one.
Tools Used
Manual review
Recommended Mitigation Steps
Add an `expirationTime` property to the `Transaction` struct and check it against `block.timestamp` in `SmartAccount.execTransaction`.
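The following Python model is an added illustration of the two points above (the nonce-reset replay on a re-created `create2` account, and the proposed `expirationTime` check); it is not code from the Biconomy repository or from the issue author. The account address, the recipient address, the HMAC-based stand-in for ECDSA signing/`ecrecover`, the use of `sha3_256` in place of keccak256, and the `replay_scenario` helper are all constructed assumptions made so the model runs on the standard library.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

CHAIN_ID = 1
OWNER = "0xabababababababababababababababababababab"    # _owner from the issue's example
ACCOUNT = "0x1111111111111111111111111111111111111111"  # constructed create2 address (assumption)
RECIPIENT = "0x2222222222222222222222222222222222222222"  # constructed recipient (assumption)
# Stand-in for the owner's ECDSA key and ecrecover: a constructed HMAC key registry (assumption).
_KEYS: Dict[str, bytes] = {OWNER: b"constructed-owner-secret"}


@dataclass(frozen=True)
class Transaction:
    to: str
    value: int
    nonce: int
    expiration_time: int = 0  # 0 models the original struct (no field); >0 is the proposed mitigation


def keccak(data: bytes) -> bytes:
    # sha3_256 stands in for keccak256 so the example runs without extra dependencies (assumption)
    return hashlib.sha3_256(data).digest()


def domain_separator(verifying_contract: str) -> bytes:
    # Same chainId and same verifyingContract give the same separator before and after re-creation
    return keccak(f"{CHAIN_ID}|{verifying_contract}".encode())


def tx_hash(tx: Transaction, verifying_contract: str = ACCOUNT) -> bytes:
    body = f"{tx.to}|{tx.value}|{tx.nonce}|{tx.expiration_time}".encode()
    return keccak(domain_separator(verifying_contract) + body)


def sign(signer: str, digest: bytes) -> Tuple[str, bytes]:
    return signer, hmac.new(_KEYS[signer], digest, "sha256").digest()


def recover(digest: bytes, sig: Tuple[str, bytes]) -> Optional[str]:
    signer, mac = sig
    if signer not in _KEYS:
        return None
    expected = hmac.new(_KEYS[signer], digest, "sha256").digest()
    return signer if hmac.compare_digest(expected, mac) else None


class SmartAccount:
    """Minimal model of the nonce and signature checks an execTransaction-style entry point performs."""

    def __init__(self, owner: str, balance: int, require_expiration: bool) -> None:
        self.owner = owner
        self.balance = balance
        self.nonces: Dict[int, int] = {}  # mapping(batchId => nonce); empty storage on every (re)deployment
        self.require_expiration = require_expiration

    def exec_transaction(self, tx: Transaction, sig: Tuple[str, bytes], now: int, batch_id: int = 0) -> bool:
        if self.nonces.get(batch_id, 0) != tx.nonce:
            return False  # nonce already consumed (or out of order)
        if recover(tx_hash(tx), sig) != self.owner:
            return False  # not signed by the owner
        if self.require_expiration and (tx.expiration_time == 0 or now > tx.expiration_time):
            return False  # mitigation: the signed transaction has expired (or carries no deadline)
        self.nonces[batch_id] = tx.nonce + 1
        self.balance -= tx.value
        return True


def replay_scenario(require_expiration: bool, replay_delay: int = 86_400) -> Tuple[bool, bool, bool]:
    """Execute a signed transaction, retry it on the same account, then replay it on a re-created account.

    Returns (executed originally, executed again on the same account, executed on the re-created account).
    """
    now = 1_700_000_000
    tx = Transaction(
        to=RECIPIENT,
        value=10,
        nonce=0,
        expiration_time=now + 600 if require_expiration else 0,  # ten-minute validity window
    )
    sig = sign(OWNER, tx_hash(tx))

    original = SmartAccount(OWNER, balance=100, require_expiration=require_expiration)
    first = original.exec_transaction(tx, sig, now)
    second_on_same = original.exec_transaction(tx, sig, now)  # nonce is now 1, so this fails

    # selfdestruct, then a create2 redeploy with the same salt: same address, same owner, fresh storage
    recreated = SmartAccount(OWNER, balance=100, require_expiration=require_expiration)
    replayed = recreated.exec_transaction(tx, sig, now + replay_delay)
    return first, second_on_same, replayed
```

Without the deadline, `replay_scenario(False)` returns `(True, False, True)`: the nonce blocks a second execution on the original account, but the re-created account accepts the old signature because its `nonces` storage is empty and the domain separator is unchanged. With the deadline, the day-later replay is rejected. Note that `replay_scenario(True, replay_delay=0)` still replays, since the signature is inside its validity window; the check only bounds the exposure to that window, so short deadlines and not funding a re-created account before old signatures have expired both matter.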