Droll Shamrock Jaguar - Signature replay possible in GovernanceStakerOnBehalf, as chainID is not added to the signature #74
Labels
Won't Fix
The sponsor confirmed this issue will not be fixed
Comments
sherlock-admin3
added
the
Won't Fix
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Droll Shamrock Jaguar
Medium
Signature replay possible in GovernanceStakerOnBehalf, as chainID is not added to the signature
Summary
As the protocol is going to be deployed on multiple chains "Ethereum, Arbitrum, Rari Chain, zkSync Mainnet, Base, Polygon, OP Mainnet", this could mean that signatures could be reused to stake/stake more on behalf of a user.
Vulnerability Detail
There is no
chain.idin the signed dataImpact
If a malicious user does a
stakeOnBehalf,stakeMoreOnBehalf, chainId is missing which means that the same stake can be replayed on a different chain for the same account.Code Snippet
https://github.com/sherlock-audit/2024-11-tally/blob/main/staker/src/extensions/GovernanceStakerOnBehalf.sol#L82-L96
Tool used
Manual Review
Recommendation
Include the
chain.idin what's hashedThe text was updated successfully, but these errors were encountered: