6.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L
0.001 Low
EPSS
Percentile
26.7%
is_valid_eth_signature
is missing a call to finalize_keccak
after calling verify_eth_signature
.
As a result, any contract using is_valid_eth_signature
from the account library (such as the EthAccount
preset) is vulnerable to a malicious sequencer. Specifically, the malicious sequencer would be able to bypass signature validation to impersonate an instance of these accounts.
In order to exploit this vulnerability, it is required to control a sequencer or prover since they’re the ones executing the hints, being able to inject incorrect keccak results.
Today StarkWare is the only party running both a prover or a sequencer, greatly reducing the risk of exploit.
The issue has been patched in 0.6.1.
If you have any questions or comments about this advisory:
CPE | Name | Operator | Version |
---|---|---|---|
openzeppelin-cairo-contracts | lt | 0.6.1 |