Code4rena: CODE423N4:2023-04-ENS-FINDINGS-ISSUES-206
Apr 27, 2023 - 12:00 a.m.

Unvalidated External Library Usage in RSASHA256Algorithm


Lines of code
<https://github.com/code-423n4/2023-04-ens/blob/45ea10bacb2a398e14d711fe28d1738271cd7640/contracts/dnssec-oracle/algorithms/RSASHA256Algorithm.sol#L5>

Vulnerability details

Impact

A hacker could exploit this vulnerability to inject malicious code into the contract, potentially allowing them to steal user funds or take control of the contract.

Proof of Concept

To demonstrate the attack vector, let's deploy a malicious version of the RSAVerify library and trick the contract into using it: deploy a new contract that imports the RSAVerify library, then call the verify function in the RSASHA256Algorithm contract. Here is a malicious RSAVerify library that we can deploy.

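	pragma solidity ^0.8.4;

	// Stand-in for RSAVerify that performs no RSA computation at all.
	library RSAVerify {
	    function rsarecover(
	        bytes memory _modulus,
	        bytes memory _exponent,
	        bytes memory _sig
	    ) public pure returns (bool, bytes memory) {
	        // Inputs are ignored: always report success with a zeroed 32-byte message.
	        bytes memory message = new bytes(32);
	        return (true, message);
	    }
	}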

The `rsarecover` function in this example always returns true together with a 32-byte message. This can be exploited by creating a contract with the same name, “RSAVerify”, and deceiving the RSASHA256Algorithm contract into using it.

Tools Used

VSCODE

Recommended Mitigation Steps

To fix this vulnerability, the contract should import the RSAVerify library using a full path to ensure it uses the intended version. The contract must also validate the version and source of the RSAVerify library to prevent any unauthorized changes. Additionally, a system for monitoring and updating external libraries should be implemented to ensure they remain secure.
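One way to implement the "full path" and "validate the source" checks at build time, as an added example that is not part of the original submission or of the ENS code base: a Node.js audit that extracts a contract's imports, flags any that are not relative paths, and compares each resolved dependency against a pinned SHA-256. The file layout, the lockfile shape, `somepkg/Helper.sol` and the sample sources are all constructed for illustration.

```javascript
const crypto = require("crypto");
const path = require("path");

const sha256 = (text) => crypto.createHash("sha256").update(text).digest("hex");

// Line-based extraction of `import "x";`, `import "x" as Y;` and `import {A} from "x";`.
function importsOf(source) {
  const re = /^\s*import\s+(?:[^"';]*?\s+from\s+)?["']([^"']+)["'][^;]*;/gm;
  return [...source.matchAll(re)].map((m) => m[1]);
}

// tree: { path: source }, an in-memory stand-in for the repository checkout.
// lock: { path: sha256 hex } recorded when the dependency was last reviewed.
function auditImports(file, tree, lock) {
  const findings = [];
  for (const target of importsOf(tree[file])) {
    if (!/^\.\.?\//.test(target)) {
      findings.push({ target, issue: "non-relative import" });
      continue;
    }
    const resolved = path.posix.join(path.posix.dirname(file), target);
    if (!(resolved in tree)) findings.push({ target, issue: "missing file" });
    else if (!(resolved in lock)) findings.push({ target, issue: "not in lockfile" });
    else if (sha256(tree[resolved]) !== lock[resolved]) findings.push({ target, issue: "hash mismatch" });
  }
  return findings;
}

// Constructed sample sources (placeholders, not the real ENS files).
const FILE = "algorithms/RSASHA256Algorithm.sol";
const LIB = "algorithms/RSAVerify.sol";
const CONSUMER = [
  "pragma solidity ^0.8.4;",
  'import "./RSAVerify.sol";',
  'import {Helper} from "somepkg/Helper.sol";', // hypothetical package import
  "contract RSASHA256Algorithm {}",
].join("\n");
const REVIEWED = "library RSAVerify { /* reviewed implementation */ }\n";
const STUB = "library RSAVerify { /* always returns (true, 32 zero bytes) */ }\n";
const LOCK = { [LIB]: sha256(REVIEWED) };

function demo() {
  return {
    clean: auditImports(FILE, { [FILE]: CONSUMER, [LIB]: REVIEWED }, LOCK),
    tampered: auditImports(FILE, { [FILE]: CONSUMER, [LIB]: STUB }, LOCK),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

Run in CI before compilation, a non-empty result fails the build; the lockfile is updated only after the changed dependency has been reviewed.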

