This repository has been archived by the owner on Jan 12, 2025. It is now read-only.

smbv-1923 - DOS attack while using repayBorrowWithPermit() #112

Closed
sherlock-admin2 opened this issue Jul 13, 2024 · 0 comments
Labels
Non-Reward This issue will not receive a payout


sherlock-admin2 commented Jul 13, 2024

smbv-1923

Medium

DOS attack while using repayBorrowWithPermit()

Summary

  • DOS attack while using repayBorrowWithPermit()

Vulnerability Detail

  • ERC20Permit uses the nonces mapping for replay protection. Once a signature is verified and approved, the nonce increases, invalidating the same signature being replayed.
    repayBorrowWithPermit() expects the holder to sign their tokens and provide the signature to the contract as part of permitData.
  • When a repayBorrowWithPermit() transaction is in the mempool, an attacker can take this signature and call the permit function on the token themselves.
  • Since this is a valid signature, the token accepts it and increases the nonce.
  • This makes the spender's transaction fail whenever it gets mined.

Impact

  • An attacker can make sure all calls to repayBorrowWithPermit() fail.
  • Normal users have to pay more interest due to the increase of block.number.

Code Snippet

Tool used

Manual Review

Recommendation

  • In the repayBorrowWithPermit() function, check whether it already has the approval it needs, and submit the permit signature only if it does not.
  • Now, even if an attacker calls the permit function on the token themselves before the user, the function would still work properly and no revert would be thrown.

Duplicate of #65
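
The recommendation above, sketched as an added example that is not part of the original issue and not the audited project's code. The contract name, the parameter list, the `repayBorrowWithPermitUnchecked` name and `_repay()` are assumptions, and the signed permit value is assumed to equal `amount`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal view of an ERC-20 token with EIP-2612 permit.
interface IPermitToken {
    function allowance(address owner, address spender) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function permit(address owner, address spender, uint256 value, uint256 deadline,
                    uint8 v, bytes32 r, bytes32 s) external;
}

// Hypothetical market: names and signatures here are assumptions.
contract RepaySketch {
    IPermitToken public immutable token;

    constructor(IPermitToken token_) { token = token_; }

    // Before: always submits the permit, so the whole call reverts when the
    // nonce was already consumed by someone else submitting the same signature.
    function repayBorrowWithPermitUnchecked(uint256 amount, uint256 deadline,
        uint8 v, bytes32 r, bytes32 s) external {
        token.permit(msg.sender, address(this), amount, deadline, v, r, s);
        _repay(msg.sender, amount);
    }

    // After: submits the permit only when the allowance is missing. If a third
    // party already executed the permit, the allowance it granted is in place
    // and the repayment proceeds without touching the nonce.
    function repayBorrowWithPermit(uint256 amount, uint256 deadline,
        uint8 v, bytes32 r, bytes32 s) external {
        if (token.allowance(msg.sender, address(this)) < amount) {
            token.permit(msg.sender, address(this), amount, deadline, v, r, s);
        }
        _repay(msg.sender, amount);
    }

    // Pulls the repayment from the payer; debt accounting is out of scope here.
    function _repay(address payer, uint256 amount) internal {
        require(token.transferFrom(payer, address(this), amount), "transfer failed");
    }
}
```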

@github-actions github-actions bot added Medium A valid Medium severity issue Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label labels Jul 15, 2024
@sherlock-admin2 sherlock-admin2 changed the title Small Pebble Beaver - DOS attack while using repayBorrowWithPermit() smbv-1923 - DOS attack while using repayBorrowWithPermit() Jul 19, 2024
@sherlock-admin2 sherlock-admin2 added the Reward A payout will be made for this issue label Jul 19, 2024
@WangSecurity WangSecurity removed the Medium A valid Medium severity issue label Aug 9, 2024
@sherlock-admin2 sherlock-admin2 added Non-Reward This issue will not receive a payout and removed Reward A payout will be made for this issue labels Aug 9, 2024
@sherlock-admin4 sherlock-admin4 removed the Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label label Aug 9, 2024