7 matches found
Signature malleability in permit function
Lines of code Vulnerability details Impact In the ERC20 contract used to define the interface for tranche tokens the permit function uses ecrecover to verify a signature submitted by the token owner to approve an address to spend its tranche tokens. However there is a well known issue related to...
borrowInternal() of BaseTOFTMarketModule.sol has phantom permit functions
Lines of code Vulnerability details Impact A malicious actor could steal funds from a User who has already done his first deposit. Proof of Concept Consider the case where attacker uses a token with phantom permit function as collateral, the most famous ones being WETH, BNB, HEX etc. Let’s consid...
Possible Front Running on the Permit function
Lines of code Vulnerability details Impact It could cause damage to third parties who use the permit method for transferring the tokens. Proof of Concept The well contract extends the ERC20Permit.sol, which contains a permit function that allow users to transfer assets with signatures. / @dev...
[NAZ-M1] GraphTokenUpgradeable.permit() Should Always Check recoveredAddress != 0
Lines of code Vulnerability details Impact The GraphTokenUpgradeable.permit function ignores the recoveredAddress != 0 check if isApprovedForAllownerrecoveredAddress is true. If a user accidentally set the zero address as the operator, tokens can be stolen by anyone as a wrong signature yield...
Direct usage of ecrecover allows signature malleability
Lines of code Vulnerability details Impact The permit function of ERC20Permit calls the Solidity ecrecover function directly to verify the given signatures. However, the ecrecover EVM opcode allows malleable non-unique signatures and thus is susceptible to replay attacks. This can leads to permit...
use ECDSA helper library instead of ecrecover
Lines of code Vulnerability details use ECDSA helper library instead of ecrecover the function permit adds approval for a spender for a certain amount of value use of ecrecover to validate signatures without a nonce will allow signatures to be replayed to add additional approvals due to signature...
permit() without updating nonce can result in replay attacks
Lines of code Vulnerability details Impact In PermitAndMulticall.sol the permit is called on the permitToken which allows you to sign the meta-transaction while someone else can submit it to the blockchain on your behalf. The problem is that a valid signature might be used several times in other...