You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Description: Description
The _validateSignature function in the AtomWallet contract is responsible for validating the signatures of user operations. However, there is a potential replay attack vulnerability due to the lack of nonce handling or unique operation identifiers within the signature verification process. This vulnerability allows an attacker to reuse a valid signature for multiple transactions, bypassing the intended authorization checks. The vulnerability also allows an attacker to potentially replay a valid user operation multiple times, leading to unintended consequences such as double spending or manipulating internal accounting.
Attack Scenario
The legitimate owner of the wallet signs a UserOperation with a specific userOpHash and submits it for execution.
The transaction is successfully executed, and the signature is deemed valid. Replay Attack:
An attacker obtains the userOpHash and the corresponding valid signature from the previous transaction.
The attacker resubmits the same UserOperation with the identical userOpHash and signature.
The _validateSignature function verifies the signature as valid because the userOpHash is the same and was previously signed by the legitimate owner.
The transaction is executed again, allowing the attacker to perform unauthorized actions without the owner's consent.
Attachments
Proof of Concept (PoC) File
Revised _validateSignature function
function _validateSignature(UserOperation calldatauserOp, bytes32userOpHash)
internalvirtualoverridereturns (uint256validationData)
{
bytes32 hash =keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", userOpHash, userOp.nonce));
(addressrecovered,,) = ECDSA.tryRecover(hash, userOp.signature);
if (recovered !=owner() || userOp.nonce <= usedNonces[recovered]) {
return SIG_VALIDATION_FAILED;
}
usedNonces[recovered] = userOp.nonce +1; // Update used nonces after successful validationreturn0;
}
// fixmapping(address=>uint256) public usedNonces;
Added a new field 'nonce' to UserOperation struct (not shown here)
Included 'nonce' in the data hashed before signature verification
Added check for 'nonce' after signature verification
Checks if the 'nonce' is greater than the last used nonce for the signer address
Maintains a mapping 'usedNonces' to track used nonces
Updates 'usedNonces' after successful validation to prevent replaying the same operation
Revised Code File (Optional)
We recommend implementing the suggested fix or a similar approach to mitigate replay attacks in the _validateSignature function. This will significantly enhance the security of the smart contract and prevent attackers from exploiting this vulnerability.
The text was updated successfully, but these errors were encountered:
Github username: @obingo31
Twitter username: --
Submission hash (on-chain): 0xe89620ff010e672c753b01833e787f6db5c8efacf602e86b726a06174f704afb
Severity: high
Description:
Description
The
_validateSignaturefunction in theAtomWalletcontract is responsible for validating the signatures of user operations. However, there is a potential replay attack vulnerability due to the lack ofnoncehandling or unique operation identifiers within the signature verification process. This vulnerability allows an attacker to reuse a valid signature for multiple transactions, bypassing the intended authorization checks. The vulnerability also allows an attacker to potentially replay a valid user operation multiple times, leading to unintended consequences such as double spending or manipulating internal accounting.Attack Scenario
The legitimate owner of the wallet signs a UserOperation with a specific userOpHash and submits it for execution.
The transaction is successfully executed, and the signature is deemed valid.
Replay Attack:
An attacker obtains the
userOpHashand the corresponding valid signature from the previous transaction.The attacker resubmits the same
UserOperationwith the identical userOpHash and signature.The
_validateSignaturefunction verifies the signature as valid because theuserOpHashis the same and was previously signed by the legitimate owner.The transaction is executed again, allowing the attacker to perform unauthorized actions without the owner's consent.
Attachments
Revised _validateSignature function
Added a new field 'nonce' to UserOperation struct (not shown here)
Included 'nonce' in the data hashed before signature verification
Added check for 'nonce' after signature verification
Updates 'usedNonces' after successful validation to prevent replaying the same operation
Revised Code File (Optional)
We recommend implementing the suggested fix or a similar approach to mitigate replay attacks in the
_validateSignaturefunction. This will significantly enhance the security of the smart contract and prevent attackers from exploiting this vulnerability.The text was updated successfully, but these errors were encountered: