Community's escrow allows for signature replay

Lines of code Vulnerability details checkSignatureValidity verification by signature do not utilize nonces and can be tricked by using owner / builder signatures from earlier calls. Namely, while checkSignatureValidity's approvedHashes based way can used only once as it deletes the corresponding...

Attacker can use the same param to call Community.escrow() multiple times and reduce all the debt

Lines of code Vulnerability details Impact In Community contract, function escrow is used to reduce debt when lender comed in terms with the builder and agent to reduce debt. It checks that all lender, builder and agent are signed the data. But the issue is there is no nonce value in data which...