Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Minato7namikazi - Non-Compliant ERC-1271 Signature Validation in AirdropRecipient Contract #776

Open
sherlock-admin4 opened this issue Sep 15, 2024 · 0 comments
Open

Minato7namikazi - Non-Compliant ERC-1271 Signature Validation in AirdropRecipient Contract #776

sherlock-admin4 opened this issue Sep 15, 2024 · 0 comments

Comments

@sherlock-admin4
Copy link
Contributor

sherlock-admin4 commented Sep 15, 2024
edited by sherlock-admin2
Loading

Minato7namikazi

High

Non-Compliant ERC-1271 Signature Validation in AirdropRecipient Contract

Summary

https://github.com/sherlock-audit/2024-08-flayer/blob/0ec252cf9ef0f3470191dcf8318f6835f5ef688c/flayer/src/contracts/utils/AirdropRecipient.sol#L58

The isValidSignature function in AirdropRecipient.sol incorrectly returns bytes4(0xffffffff) for invalid signatures instead of reverting, violating the ERC-1271 standard. This erroneous behavior can be triggered whenever an external protocol or application interacts with the contract, attempting to verify a signature using this function.

3. Proof-of-Concept (PoC) Flow:

  1. External Protocol Interaction: An external protocol, intending to verify a signature, interacts with the isValidSignature function, passing an invalid signature and its corresponding hash.
  2. Incorrect Signature Validation: The isValidSignature function, using SignatureCheckerLib.isValidSignatureNow, determines that the signature is invalid.
  3. Erroneous Return Value: Instead of reverting, as dictated by the ERC-1271 standard, the function returns bytes4(0xffffffff).
  4. False Positive: The external protocol, unaware of this deviation from the standard, interprets bytes4(0xffffffff) as an indication of a valid signature.

4. Impact:

This bug can have severe consequences, particularly for the security and reliability of the AirdropRecipient contract:

  • False Positive Signature Verification: This can lead to the acceptance of forged approvals or execution of unauthorized actions by malicious actors. Imagine a scenario where airdrop claims are authenticated using signatures. A malicious actor could craft an invalid signature and use this bug to claim airdrops that they are not entitled to, depleting funds intended for legitimate recipients.
  • Bypassing Security Measures: External protocols, especially those responsible for critical operations like asset transfers or fund management, rely on the isValidSignature function for security. This bug essentially allows these security measures to be bypassed with an invalid signature.

Recommendation:

The code should be immediately rectified to strictly comply with the ERC-1271 standard. The isValidSignature function must revert for invalid signatures, ensuring robust security and preventing the possibility of exploitation.
@sherlock-admin2 sherlock-admin2 changed the title Rough Corduroy Eagle - Non-Compliant ERC-1271 Signature Validation in AirdropRecipient Contract Minato7namikazi - Non-Compliant ERC-1271 Signature Validation in AirdropRecipient Contract Oct 9, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sherlock-admin4