jollytesimal.eth - Replay Attack Vulnerability in relayAccessUpdateBatch function leads to Exposure to Unauthorized contract manipulation #72
Comments
sherlock-admin3
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
jollytesimal.eth
High
Replay Attack Vulnerability in relayAccessUpdateBatch function leads to Exposure to Unauthorized contract manipulation
Summary
The contract is vulnerable to replay attacks due to missing nonce or replay protection mechanisms.
Vulnerability Detail
An attacker can replay signed transactions, allowing them to manipulate the contract's state.
Impact
An attacker can steal funds or disrupt contract functionality.
Code Snippet
https://github.com/sherlock-audit/2024-08-perennial-v2-update-3/blob/main/perennial-v2/packages/perennial-account/contracts/Controller_Incentivized.sol#L188-L200
Tool used
Manual Review
Recommendation
Implement nonce or replay protection mechanisms, like using a nonce counter or unique identifiers, to prevent replay attacks.
The text was updated successfully, but these errors were encountered: