Skip to content

Latest commit

 

History

History
101 lines (78 loc) · 3.37 KB

039.md

File metadata and controls

101 lines (78 loc) · 3.37 KB

Low Tangerine Cod

High

odos signature can be used for other withdraws to make bad swap on odos for protocol

Summary

There is no invalidation that this signature already used in protocol

Root Cause

In withdraw function signature and odos data passed to cds contract

    function withDraw(
        address toAddress,
        uint64 index,
        bytes memory odosAssembledData,
        bytes memory signature
    ) external payable nonReentrant whenNotPaused(IMultiSign.Functions(1)) {
        // check is _toAddress in not a zero address and isContract address
        if (toAddress == address(0) || isContract(toAddress)) revert Borrow_CantBeContractOrZeroAddress(toAddress);

-->        if (!cds.verify(odosAssembledData, signature)) revert Borrow_NotSignedByEIP712Signer();
        // Get the depositor details

Blockchian/contracts/Core_logic/borrowing.sol#L290

where signature is not being invalidated anywhere which allows to use it again for any other withdraw for that user

    function verify(
        bytes memory odosExecutionData,
        bytes memory signature
    ) external view onlyBorrowingContract returns (bool) {
        return
            _verify(
                FunctionName.BORROW_WITHDRAW,
                0,
                0,
                odosExecutionData,
                signature
            );
    }

    function _verify(
        FunctionName functionName,
        uint256 excessProfitCumulativeValue,
        uint256 nonce,
        bytes memory odosExecutionData,
        bytes memory signature
    ) private view returns (bool) {
        bytes32 digest;
...
        } else if (functionName == FunctionName.BORROW_WITHDRAW) {
            digest = _hashTypedDataV4(
                keccak256(
                    abi.encode(
                        keccak256("OdosPermit(bytes odosExecutionData)"),
                        odosExecutionData
                    )
                )
            );
        }

        address signer = ECDSA.recover(digest, signature);
        bytes32 hashedSigner = keccak256(abi.encodePacked(signer));
        if (hashedSigner == hashedAdminTwo) {
            return true;
        } else {
            return false;
        }
    }

E.x. there are two positions. E.x.there is upside - 1 wrsETH after first withdraw and 2 wrsEth after second withdraw. Target for odos swap is TREASURY from tests. Everything goes normal user uses 1 signature for first withdrawal - 1 wrsETH exchange for 1000 udst to treasury Everything goes normal user uses second signature for second withdrawal - 2 wrsETH exchange for 2000 udst to treasury

Attacker uses first signature for second withdrawal 1 wrsETH exchange for 1000 udst, but upside left - 2 wrsETH - 1 wrsETH=1wrsETH left unaccounting. Which means some holders will not receive their stake which leads to depeging as the point of protocol to catch upside and distribute correctly

Internal pre-conditions

none

External pre-conditions

none

Attack Path

use odos data from first withdrawal and use it on another withdrawal.

Impact

holders will not receive their stake which leads to depeging as the point of protocol to catch upside and distribute correctly

PoC

Mitigation

Add nonce to invalidate that signature that already used