Skip to content

Latest commit

 

History

History
23 lines (15 loc) · 842 Bytes

074.md

File metadata and controls

23 lines (15 loc) · 842 Bytes

Droll Shamrock Jaguar

Medium

Signature replay possible in GovernanceStakerOnBehalf, as chainID is not added to the signature

Summary

As the protocol is going to be deployed on multiple chains "Ethereum, Arbitrum, Rari Chain, zkSync Mainnet, Base, Polygon, OP Mainnet", this could mean that signatures could be reused to stake/stake more on behalf of a user.

Vulnerability Detail

There is no chain.id in the signed data

Impact

If a malicious user does a stakeOnBehalf, stakeMoreOnBehalf, chainId is missing which means that the same stake can be replayed on a different chain for the same account.

Code Snippet

https://github.com/sherlock-audit/2024-11-tally/blob/main/staker/src/extensions/GovernanceStakerOnBehalf.sol#L82-L96

Tool used

Manual Review

Recommendation

Include the chain.id in what's hashed