hubble-contracts icon indicating copy to clipboard operation
hubble-contracts copied to clipboard

Published 20 hours ago verified publisher icon thehubbleproject

Withdraw signature has no nonce

Open dmaretskyi opened this issue 4 years ago • 2 comments

To claim the withdrawn funds to an ethereum address users submit a signature signed with their BLS wallet. Right now that signature only includes the address that the funds are being withdrawn to, and no nonce.

This allows an attacker to re-use the same signature for the next withdrawal from the same account.

https://github.dev/thehubbleproject/hubble-contracts/blob/7058cba1a4e5a6251571f74a6a7f16de5b77e2a7/contracts/WithdrawManager.sol#L98-L98

dmaretskyi avatar Sep 14 '21 09:09 dmaretskyi

This is similar to the replay attack illustrated in this Solidity example: https://docs.soliditylang.org/en/v0.6.12/solidity-by-example.html?highlight=nonce#what-to-sign

@Marik-D when referring to nonce, I assume you are referring to a data structure that would track nonce's specific to the WithdrawlManager (such as mapping(uint256 => bool) usedNonces from the example above), and not the nonce associated with L1 txns for an ETH address?

jacque006 avatar Sep 14 '21 21:09 jacque006

Yes, it doesn't have to be the nonce of the L1 ETH account, just some single-use value. Can be something specific to this withdraw operation.

dmaretskyi avatar Sep 14 '21 21:09 dmaretskyi