Signature Reply Attack - _blockchainer_ - 02-06-2023
RE: Signature Reply Attack - PENTESTER - 02-06-2023
awesome
RE: Signature Reply Attack - theguilty - 02-07-2023
(02-06-2023, 02:50 PM)_blockchainer_ Wrote: Signature vulnerabilities in Solidity are tricky to discover, but an attacker can make a devastating attack once they are discovered.
Does the code in the above snippet look alright? No. You can replay signatures, since both parameters of the messageHash (_to and _amount) are under the user's control and there is nothing hidden or unique in the variable messageHash. When we study signature attacks, we get to know about randomness, which is really a hot issue for the blockchain. Since everything is transparent, there is no true randomness here, and this core blockchain problem was a problem for signature verification too. With no randomness, how is it possible to make a unique signature? It looks impossible, but there is a concept, and also an implementation, called an "Oracle", with which you can feed data such as price data, numbers and other values. With an oracle, this data comes from outside the blockchain. This keeps the blockchain from being decentralized, huh? Yes. But there is a way to make an oracle network decentralized. Soon we may get a chance to study possible vulnerabilities when using oracle chains.
The Wormhole bridge exploit (the second biggest ETH hack to date) was performed by malicious use of signatures.
Bonus: If you want to become good at Solidity security, read the official Solidity documentation. That will help you a lot.
thanks
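The replay condition described in the quoted post, where the signed hash covers only `_to` and `_amount`, shown beside a common mitigation that needs no randomness: a nonce, the chain id and the contract address inside the hash, plus a record of digests already used. This is an added example, not the original poster's snippet; the contract name, `signer`, `consumed`, `_nonce`, `weakHash` and `transfer` are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration. Only messageHash, _to and _amount are names taken from
// the thread; every other name here is assumed for the example.
contract SignedTransfer {
    address public immutable signer;           // account whose signature authorizes a payout
    mapping(bytes32 => bool) public consumed;  // digests that have already been executed

    constructor(address _signer) payable {
        signer = _signer;
    }

    // Replayable form described in the thread: only caller-chosen values are
    // hashed, so one valid signature for (_to, _amount) verifies on every call.
    function weakHash(address _to, uint256 _amount) public pure returns (bytes32) {
        return keccak256(abi.encodePacked(_to, _amount));
    }

    // Hardened form: the nonce makes each authorization unique; chain id and
    // contract address stop reuse on another chain or another deployment.
    function messageHash(address _to, uint256 _amount, uint256 _nonce)
        public view returns (bytes32)
    {
        return keccak256(abi.encode(block.chainid, address(this), _to, _amount, _nonce));
    }

    function transfer(
        address payable _to, uint256 _amount, uint256 _nonce,
        uint8 v, bytes32 r, bytes32 s
    ) external {
        // Same prefix a wallet applies when signing a 32-byte message (EIP-191).
        bytes32 digest = keccak256(abi.encodePacked(
            "\x19Ethereum Signed Message:\n32", messageHash(_to, _amount, _nonce)));

        // Keyed on the digest, not the signature bytes, so a malleated
        // (r, s, v) for the same message is rejected as well.
        require(!consumed[digest], "signature already used");

        address recovered = ecrecover(digest, v, r, s);
        require(recovered != address(0) && recovered == signer, "bad signature");

        consumed[digest] = true;               // mark as used before sending value
        (bool ok, ) = _to.call{value: _amount}("");
        require(ok, "transfer failed");
    }
}
```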