Lucene search
K

7 matches found

Code423n4
Code423n4
added 2023/09/14 12:0 a.m.11 views

Signature malleability in permit function

Lines of code Vulnerability details Impact In the ERC20 contract used to define the interface for tranche tokens the permit function uses ecrecover to verify a signature submitted by the token owner to approve an address to spend its tranche tokens. However there is a well known issue related to...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/08/04 12:0 a.m.12 views

borrowInternal() of BaseTOFTMarketModule.sol has phantom permit functions

Lines of code Vulnerability details Impact A malicious actor could steal funds from a User who has already done his first deposit. Proof of Concept Consider the case where attacker uses a token with phantom permit function as collateral, the most famous ones being WETH, BNB, HEX etc. Let’s consid...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/07/10 12:0 a.m.16 views

Possible Front Running on the Permit function

Lines of code Vulnerability details Impact It could cause damage to third parties who use the permit method for transferring the tokens. Proof of Concept The well contract extends the ERC20Permit.sol, which contains a permit function that allow users to transfer assets with signatures. / @dev...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/10/12 12:0 a.m.8 views

[NAZ-M1] GraphTokenUpgradeable.permit() Should Always Check recoveredAddress != 0

Lines of code Vulnerability details Impact The GraphTokenUpgradeable.permit function ignores the recoveredAddress != 0 check if isApprovedForAllownerrecoveredAddress is true. If a user accidentally set the zero address as the operator, tokens can be stolen by anyone as a wrong signature yield...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/08/03 12:0 a.m.20 views

Direct usage of ecrecover allows signature malleability

Lines of code Vulnerability details Impact The permit function of ERC20Permit calls the Solidity ecrecover function directly to verify the given signatures. However, the ecrecover EVM opcode allows malleable non-unique signatures and thus is susceptible to replay attacks. This can leads to permit...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/06/22 12:0 a.m.14 views

use ECDSA helper library instead of ecrecover

Lines of code Vulnerability details use ECDSA helper library instead of ecrecover the function permit adds approval for a spender for a certain amount of value use of ecrecover to validate signatures without a nonce will allow signatures to be replayed to add additional approvals due to signature...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/02/22 12:0 a.m.12 views

permit() without updating nonce can result in replay attacks

Lines of code Vulnerability details Impact In PermitAndMulticall.sol the permit is called on the permitToken which allows you to sign the meta-transaction while someone else can submit it to the blockchain on your behalf. The problem is that a valid signature might be used several times in other...

6.9AI score
Exploits0
Rows per page
Query Builder