Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AlterDelegatee signature is weak and can be misused #159

Closed
c4-bot-9 opened this issue Mar 4, 2024 · 10 comments
Closed

AlterDelegatee signature is weak and can be misused #159

c4-bot-9 opened this issue Mar 4, 2024 · 10 comments
Labels
2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working duplicate-205 grade-b 🤖_23_group AI based duplicate group recommendation unsatisfactory does not satisfy C4 submission criteria; not eligible for awards

Comments

@c4-bot-9
Copy link
Contributor

c4-bot-9 commented Mar 4, 2024

Lines of code

https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L110

Vulnerability details

Impact

The implementation of the AlterDelegatee signature in the system is vulnerable due to its weak structure, potentially leading to undesired delegations of voting power. This weakness allows for manipulation that could affect governance proposal outcomes.

Proof of Concept

Consider the following scenario:

  1. Alice stakes funds and decides to delegate her voting power to Bob for Governance proposal Agreements & Disclosures #1, creating an off-chain AlterDelegatee signature which she sends to Bob.
  2. Bob retains the signature without executing alterDelegateeOnBehalf().
  3. Alice aims to change her delegate to Charlie for an important Governance proposal High level access functions can create points of failure (Not captured by 4nalyzer)  #2 and uses alterDelegatee() to do so.
  4. Right before the snapshot for voting power, Bob uses the previously issued signature to delegate Alice's voting power to himself for Governance proposal High level access functions can create points of failure (Not captured by 4nalyzer)  #2, against Alice's current intent.

This misuse occurs because the signature for AlterDelegatee does not specify a deadline or confirm the current delegatee, enabling unintended delegations.

Tools Used

Manual Review

Recommended Mitigation Steps

To enhance the security and specificity of the AlterDelegatee process, implement the following changes:

  • Introduce a deadline parameter to the signature, mirroring the time-bound security found in permitAndXXX() methods. This ensures the signature cannot be used after a certain time, preventing delayed misuse.
  • Include the oldDelegatee address in the signature. This addition requires that any delegation change must explicitly state the transition from the current delegatee to a new one, adding an extra layer of validation and preventing unauthorized changes.

Assessed type

Governance
@c4-bot-9 c4-bot-9 added 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working labels Mar 4, 2024
c4-bot-7 added a commit that referenced this issue Mar 4, 2024
@c4-bot-7
marchev issue #159
4aabbc3
@c4-bot-12 c4-bot-12 added the 🤖_23_group AI based duplicate group recommendation label Mar 5, 2024
@c4-judge c4-judge added downgraded by judge Judge downgraded the risk level of this issue QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax and removed 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value labels Mar 7, 2024
@c4-judge
Copy link
Contributor

c4-judge commented Mar 7, 2024

MarioPoneder changed the severity to QA (Quality Assurance)

@c4-judge c4-judge added 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value and removed downgraded by judge Judge downgraded the risk level of this issue QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax labels Mar 7, 2024
@c4-judge
Copy link
Contributor

c4-judge commented Mar 7, 2024

This previously downgraded issue has been upgraded by MarioPoneder

@c4-judge c4-judge closed this as completed Mar 7, 2024
@c4-judge
Copy link
Contributor

c4-judge commented Mar 7, 2024

MarioPoneder marked the issue as duplicate of #69

@c4-judge c4-judge reopened this Mar 7, 2024
@c4-judge
Copy link
Contributor

c4-judge commented Mar 7, 2024

MarioPoneder marked the issue as not a duplicate

@c4-judge c4-judge closed this as completed Mar 7, 2024
@c4-judge
Copy link
Contributor

c4-judge commented Mar 7, 2024

MarioPoneder marked the issue as duplicate of #205

@c4-judge
Copy link
Contributor

MarioPoneder changed the severity to QA (Quality Assurance)

@c4-judge c4-judge added downgraded by judge Judge downgraded the risk level of this issue QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax grade-b and removed 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value labels Mar 14, 2024
@c4-judge
Copy link
Contributor

MarioPoneder marked the issue as grade-b

@c4-judge
Copy link
Contributor

This previously downgraded issue has been upgraded by MarioPoneder

@c4-judge c4-judge reopened this Mar 17, 2024
@c4-judge c4-judge removed the downgraded by judge Judge downgraded the risk level of this issue label Mar 17, 2024
@c4-judge c4-judge added 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value and removed QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax labels Mar 17, 2024
@c4-judge c4-judge added the satisfactory satisfies C4 submission criteria; eligible for awards label Mar 17, 2024
@c4-judge
Copy link
Contributor

MarioPoneder marked the issue as satisfactory

@marchev
Copy link

marchev commented Mar 20, 2024
edited
Loading

@MarioPoneder Can you please remove the grade-b label to avoid this issue mistakenly being treated as QA? This has previously happened in other contests. Thank you!

@CloudEllie CloudEllie added unsatisfactory does not satisfy C4 submission criteria; not eligible for awards and removed satisfactory satisfies C4 submission criteria; eligible for awards labels Mar 26, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working duplicate-205 grade-b 🤖_23_group AI based duplicate group recommendation unsatisfactory does not satisfy C4 submission criteria; not eligible for awards
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@marchev @CloudEllie @c4-judge @c4-bot-9 @c4-bot-12