30 matches found
Smart_Contract_Researcher_POC
Smart Contract Security Research Portfolio hailthelord...
Authentication Bypass
libxml2 is vulnerable to an Authentication Bypass. The vulnerability is due to a flaw in the XML canonicalization process used during transformations, which allows an attacker to reuse a previously generated valid signature to replay requests and bypass authentication checks...
GHSA-X4H9-GWV3-R4M4 Ruby-saml allows a Libxml2 Canonicalization error to bypass Digest/Signature validation
Summary Ruby-saml up to and including 1.12.4, there is an authentication bypass vulnerability because of an issue at libxml2 canonicalization process used by Nokogiri for document transformation. That allows an attacker to be able to execute a Signature Wrapping attack. The vulnerability does not...
GHSA-C4CC-X928-VJW9 robrichards/xmlseclibs has an Libxml2 Canonicalization error which can bypass Digest/Signature validation
Summary An authentication bypass vulnerability exists due to a flaw in the libxml2 canonicalization process, which is used by xmlseclibs during document transformation. This weakness allows an attacker to generate a valid signature once and reuse it indefinitely. In practice, a signature created...
robrichards/xmlseclibs has an Libxml2 Canonicalization error which can bypass Digest/Signature validation
Summary An authentication bypass vulnerability exists due to a flaw in the libxml2 canonicalization process, which is used by xmlseclibs during document transformation. This weakness allows an attacker to generate a valid signature once and reuse it indefinitely. In practice, a signature created...
One Signature, Multiple Payments: Demystifying and Detecting Signature Replay Vulnerabilities in Smart Contracts
Smart contracts have significantly advanced blockchain technology, and digital signatures are crucial for reliable verification of contract authority. Through signature verification, smart contracts can ensure that signers possess the required permissions, thus enhancing security and scalability...
Signature Replay Vulnerability
github.com/babylonlabs-io/babylon is vulnerable to a signature replay vulnerability. The vulnerability is due to insufficient message domain separation and inadequate length validation in the MsgCommitPubRandList handler, which allows attackers to replay valid signatures on maliciously crafted...
User Impersonation
Overview Affected versions of this package are vulnerable to User Impersonation due to insufficient validation in the MsgCommitPubRandList handler, combined with a lack of domain separation in signed messages. An attacker can store an invalid PubRand commitment by crafting the message parameters ...
User Impersonation
Overview Affected versions of this package are vulnerable to User Impersonation due to insufficient validation in the MsgCommitPubRandList handler, combined with a lack of domain separation in signed messages. An attacker can store an invalid PubRand commitment by crafting the message parameters ...
Malicious sub-account operators can perform cross-chain signature replay attack
Lines of code Vulnerability details Impact Malicious sub-account operators can perform policy or transactions not allowed to the specific chain but allowed in other chain. This is possible due to cross-chain signature replay attack. Proof of Concept To describe the attack, for example, let us hav...
[H-01] GovernorCountingOverridable.castVoteBySig()/castVoteWithReasonAndParamsBySig(): Possible signature replay attacks to influence proposal execution
Lines of code Vulnerability details Impact In the GovernorCountingOverridable.sol inherited by LivePeerGovernor.sol, users can provide a signature to allow someone else to vote on their behalf using the castVoteBySig/castVoteWithReasonAndParamsBySig function since this functions are not overriden...
Signatures can be replayed in castVoteWithReasonAndParamsBySig() to use up more votes than a user intended
Lines of code Vulnerability details Bug Description In the SecurityCouncilNomineeElectionGovernor and SecurityCouncilMemberElectionGovernor contracts, users can provide a signature to allow someone else to vote on their behalf using the castVoteWithReasonAndParamsBySig function, which is in...
Security council election are vulnerable to signature replay attack
Lines of code Vulnerability details Impact SecurityCouncilNomineeElectionGovernor and SecurityCouncilMemberElectionGovernor contracts both inherit castVoteWithReasonAndParamsBySig function from the base GovernorUpgradeable contract, but implement custom countVote function respectively. The...
Schedule recovery DOS by front-running with original schedule recovery transaction if no other transaction is executed
Lines of code Vulnerability details Description If after scheduling a recovery no transaction is executed, anyone can DOS the execution of this scheduled recovery by a signature replay attack given that the nonce is not increased Impact DOS of scheduled recovery execution if after a recovery is...
Wrong Implementation of EIP-712
Lines of code Vulnerability details Impact The EIP-712 uses several parameters. Those parameters are exactly: EIP712Domain string name; string version; uint256 chainId; address verifyingContract; As you can see on the following Domain, ZkSync, is missing one parameter: bytes32 constant...
Signature replay attacks possible if deployed on multiple chains
Lines of code Vulnerability details Caller.callSigned operates using an EIP-712 signature which verifies the signed data to be used in a call on behalf of the signer. The problem with this method lies in the fact that it doesn't specify the chain ID, and thus if the contract is ever deployed to...
Signature Replay no nonce
Lines of code Vulnerability details Impact There is a signature replay vulnerability. That means that the signature can be reused in the same contract from anyone calling. The vulnerability relies in the fact that there is no nonce specified for every caller. This means that you can take a...
Signature Replay Attack when EntryPoint contract is changed
Lines of code Vulnerability details Signature Replay Attack when EntryPoint contract is changed Impact User operations can be replayed on smart accounts once the EntryPoint is changed. This can lead to user's loosing funds or any unexpected behaviour that transaction replay attacks usually lead t...
CVE-2022-2226
An OpenPGP digital signature includes information about the date when the signature was created. When displaying an email that contains a digital signature, the email's date will be shown. If the dates were different, then Thunderbird didn't report the email as having an invalid signature. If an...
Upgraded Q -> M from 42 [1666367610163]
Judge has assessed an item in Issue 42 as Medium risk. The relevant finding follows: Permit signature replay across forks Details: GolomTrader.sol defines chainId at contract deployment without reconstructing it for every signature. However, as stated in the security considerations section of...