3 matches found
Signature malleability in createActionBySig allow an attacker to replicate an attack
Lines of code Vulnerability details Overview The createActionBySig is part of a family of functions that can be called by signature. This functionality is shared with castApprovalBySig and castDisapprovalBySig. However, the last two functions rely on the preCastAssertion function that revert on...
Mssing Crucial Checks When Unlocking funds for Withdraw Requests from L2
Lines of code Vulnerability details Impact Atomicity literally does not exist when users from L2 initiate a withdrawal by burning funds on the contract and sending the message to L1. This is giving malicious attackers plenty of time to stealthily launch a series of small and yet sizable forgery o...
Voting signature malleability of EVM's ecrecover in castVoteBySig
Lines of code Vulnerability details Proof of Concept EVM's ecrecover is susceptible to signature malleability which allows replay attacks, but that is mitigated here by doing receipt.hasVoted = true;. However, if any of the application logic changes, it might make signature malleability a risk fo...