Albort - Unauthorized Nonce Cancellation in VerifierBase Contract

[sherlock-admin4]

Albort

High

Unauthorized Nonce Cancellation in VerifierBase Contract

Summary

A critical security vulnerability has been identified in the VerifierBase contract, specifically within the nonce cancellation logic. The flaw allows an attacker to cancel nonces belonging to other users without authorization, potentially leading to Denial-of-Service (DoS) attacks or other security breaches.

Vulnerability Detail

The VerifierBase contract lacks proper validation to ensure that only the account owner can cancel their own nonces. Specifically, the validateAndCancel modifier does not verify that common.account is equal to common.signer. This omission allows an attacker to cancel nonces for any account by providing a valid signature from their own account.

1.	Preparation:
The attacker constructs a Common struct where:
•	common.account is set to the victim’s address.
•	common.signer is set to the attacker’s own address.
•	Other fields (nonce, group, expiry) are filled as needed.
2.	Signature Generation:
•	The attacker signs the Common struct with their own private key.
3.	Nonce Cancellation:
•	The attacker calls the cancelNonceWithSignature function, passing the crafted Common struct and the signature.
4.	Result:
•	Due to the lack of proper validation, the contract accepts the signature (since it matches common.signer).
•	The nonce for common.account (the victim) is canceled without the victim’s consent.

Impact

Denial-of-Service (DoS): Attackers can repeatedly cancel nonces for target accounts, preventing them from executing legitimate transactions that depend on those nonces.
Security Breach: Compromised nonce management could lead to further vulnerabilities, including replay attacks if nonce-dependent mechanisms are not reliable.

Code Snippet

abstract contract VerifierBase is IVerifierBase, EIP712 {
// ... [other code]

/// @dev Validates the common data of a message
modifier validateAndCancel(Common calldata common, bytes calldata signature) {
    if (common.domain != msg.sender) revert VerifierInvalidDomainError();
    if (signature.length != 65) revert VerifierInvalidSignatureError();
    if (nonces[common.account][common.nonce]) revert VerifierInvalidNonceError();
    if (groups[common.account][common.group]) revert VerifierInvalidGroupError();
    if (block.timestamp >= common.expiry) revert VerifierInvalidExpiryError();

    _cancelNonce(common.account, common.nonce);

    _;
}

}

https://github.com/sherlock-audit/2024-08-perennial-v2-update-3/blob/main/root/contracts/verifier/VerifierBase.sol#L76

Tool used

Manual Review

Recommendation

modifier validateAndCancel(Common calldata common, bytes calldata signature) {
if (common.domain != msg.sender) revert VerifierInvalidDomainError();
if (signature.length != 65) revert VerifierInvalidSignatureError();
if (nonces[common.account][common.nonce]) revert VerifierInvalidNonceError();
if (groups[common.account][common.group]) revert VerifierInvalidGroupError();
if (block.timestamp >= common.expiry) revert VerifierInvalidExpiryError();

// Added validation to ensure only the account owner can cancel their nonce
if (common.account != common.signer) revert VerifierInvalidSignerError();

_cancelNonce(common.account, common.nonce);

_;

}