Signature malleability in isPolicySignatureValid() and executeTransaction()
#243
Comments
raymondfam marked the issue as low quality report
raymondfam marked the issue as duplicate of #212
raymondfam marked the issue as duplicate of #398
alex-ppg marked the issue as not a duplicate
The Warden has referenced past issues that are irrelevant to the present submission; the signature malleability that the Solady library talks about is in relation to a known flaw in the The ECDSA curve utilized in Ethereum is symmetric on the X axis, meaning that a particular point in the curve always contains a valid opposite on the other side of the X axis. In To prevent this misbehaviour, the official recommendation is to restrict In this particular instance within the Brahma project, the vulnerability is inconsequential as a replay attack cannot occur; the
alex-ppg marked the issue as unsatisfactory:
Lines of code
https://github.com/code-423n4/2023-10-brahma/blob/dd0b41031b199a0aa214e50758943712f9f574a0/contracts/src/core/ExecutorPlugin.sol#L140-L140
https://github.com/code-423n4/2023-10-brahma/blob/dd0b41031b199a0aa214e50758943712f9f574a0/contracts/src/core/PolicyValidator.sol#L141
Vulnerability details
Impact
Both isPolicySignatureValid() and executeTransaction() are vulnerable to signature malleability, which allows replay attacks. Those functions use solady's SignatureCheckerLib.isValidSignatureNow to verify signatures. According to the solady codebase: "This implementation does NOT check if a signature is non-malleable." During the previous Code4rena contest, a similar attack vector was evaluated as Medium/High.
Based on that, I've decided to evaluate the risk of this issue as Medium. It's worth noting that in most of the previous Code4rena contests, signature malleability had been detected during the bot race, so it was not reported as a separate issue. Thus, there aren't many contests which could be used as a reference for proper severity categorization. In the current contest the bot race did not report a signature malleability issue, so I'm reporting it as a separate issue in this report.
Proof of Concept
In src/core/PolicyValidator.sol, there is a function isPolicySignatureValid() responsible for validating signatures against policies for module execution. We can see that it uses SignatureCheckerLib.isValidSignatureNow to perform signature validation:
File: src/core/PolicyValidator.sol
In src/core/ExecutorPlugin.sol, there's a function executeTransaction, which enables executors to raise execution requests that will be executed via a module transaction. That function calls the internal _validateExecutionRequest, which is an internal helper that validates the execution request. We can see that it uses SignatureCheckerLib.isValidSignatureNow to validate the executor signature:
File: src/core/ExecutorPlugin.so
Let's take a closer look at SignatureCheckerLib.isValidSignatureNow now. In both files, it's imported from solady/utils/SignatureCheckerLib.sol. Let's check the solady implementation then:
As stated in the solady comment section, the library does not provide any protection from signature malleability. This can be additionally confirmed by looking at the implementation of isValidSignatureNow(). This implies that, since isPolicySignatureValid() and executeTransaction() use the solady implementation, they are susceptible to signature malleability.
Tools Used
Manual code review
Recommended Mitigation Steps
Consider using OpenZeppelin's ECDSA library: https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/utils/cryptography/ECDSA.sol
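The malleability described in the Proof of Concept, and the low-s rule that the recommended OpenZeppelin ECDSA library enforces, worked through on secp256k1 as an added example. This is not code from the report, from Brahma, or from solady or OpenZeppelin; it is a self-contained toy implementation. It signs a digest, derives the second valid (v, r, n - s) form of the same signature, shows that ecrecover-style recovery accepts both forms (so a checker that only compares the recovered key, as the report describes for isValidSignatureNow, passes both), and shows that the s <= n/2 check rejects exactly one of them. The demo key, the digest, the deterministic nonce derivation, and all function names are constructed assumptions.

```python
"""Constructed demonstration (not Brahma or solady code) of ECDSA signature
malleability on secp256k1, and of the low-s rule that rejects the second form."""
import hashlib

# secp256k1 domain parameters: y^2 = x^3 + 7 over GF(P), generator G of prime order N
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
HALF_N = N // 2  # largest s accepted under the low-s rule (the bound OpenZeppelin ECDSA uses)


def point_add(p1, p2):
    """Affine point addition; None represents the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None  # p1 == -p2
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P  # tangent slope (doubling)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P  # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def point_neg(pt):
    return None if pt is None else (pt[0], (-pt[1]) % P)


def scalar_mul(k, pt):
    """Double-and-add; not constant-time, demonstration only."""
    acc = None
    while k:
        if k & 1:
            acc = point_add(acc, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return acc


def sign(priv, z):
    """Return an Ethereum-style (v, r, s) over digest z. The nonce is derived
    deterministically only so the demo is reproducible; real signers use RFC 6979 or a CSPRNG."""
    seed = priv.to_bytes(32, "big") + z.to_bytes(32, "big")
    k = int.from_bytes(hashlib.sha256(seed).digest(), "big") % N
    rx, ry = scalar_mul(k, G)
    r = rx % N
    s = pow(k, -1, N) * (z + r * priv) % N
    return 27 + (ry & 1), r, s  # v encodes the parity of R.y


def recover(z, v, r, s):
    """ecrecover-style recovery: pub = r^-1 * (s*R - z*G). Returns None if malformed.
    Like the precompile, it accepts any s in [1, N-1]; it does not enforce low-s."""
    if not (1 <= r < N and 1 <= s < N and v in (27, 28)):
        return None
    rhs = (r ** 3 + 7) % P
    y = pow(rhs, (P + 1) // 4, P)  # P % 4 == 3, so this is a square root when one exists
    if y * y % P != rhs:
        return None
    if (y & 1) != (v - 27):
        y = P - y  # pick the root whose parity matches v
    r_point = (r, y)
    return scalar_mul(pow(r, -1, N),
                      point_add(scalar_mul(s, r_point), point_neg(scalar_mul(z, G))))


def malleate(v, r, s):
    """The second valid signature for the same digest and key: s -> N - s, v flipped."""
    return (27 + 28) - v, r, N - s


def is_valid_no_low_s(pub, z, v, r, s):
    """A checker that only compares the recovered key, as the report describes for
    solady's isValidSignatureNow: both signature forms pass."""
    return recover(z, v, r, s) == pub


def is_valid_low_s(pub, z, v, r, s):
    """Same check plus the low-s rule (s <= N/2): only one of the two forms passes."""
    if s > HALF_N:
        return False
    return recover(z, v, r, s) == pub


# Constructed demo inputs (not real keys or project data)
DEMO_PRIV = int.from_bytes(hashlib.sha256(b"constructed demo key").digest(), "big") % N
DEMO_PUB = scalar_mul(DEMO_PRIV, G)
DEMO_Z = int.from_bytes(hashlib.sha256(b"constructed execution request").digest(), "big")


if __name__ == "__main__":
    sig = sign(DEMO_PRIV, DEMO_Z)
    alt = malleate(*sig)
    print("original, no low-s check:", is_valid_no_low_s(DEMO_PUB, DEMO_Z, *sig))
    print("malleated, no low-s check:", is_valid_no_low_s(DEMO_PUB, DEMO_Z, *alt))
    print("original, low-s check:   ", is_valid_low_s(DEMO_PUB, DEMO_Z, *sig))
    print("malleated, low-s check:  ", is_valid_low_s(DEMO_PUB, DEMO_Z, *alt))
```

The recovery step is where the problem is visible: negating s and flipping the parity bit negates the lifted point R, and the two negations cancel, so the same key comes back. A contract that treats the signature bytes as a replay key (or as part of a nonce) then sees two distinct byte strings for one authorization. Rejecting s above n/2, which is what OpenZeppelin's ECDSA.recover does before calling ecrecover, leaves a single canonical encoding per signature.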
Assessed type
Library