Thread Rating:
- 0 Vote(s) - 0 Average
- 1
- 2
- 3
- 4
- 5
|
Signature Reply Attack
|
Posts: 15
Threads: 9
Joined: Jan 2023
Reputation:
1
balance: 0 R
02-06-2023, 02:50 PM
Please login or register to view this content
Posts: 89
Threads: 0
Joined: Jan 2023
Reputation:
0
balance: 0 R
(02-06-2023, 02:50 PM)_blockchainer_ Wrote: Signature vulnerablities on solidity are tricky to discover but attacker can make a devastating attack once discovered.
![[Image: FI-mak4WYAM5DyL?format=jpg&name=large]](https://pbs.twimg.com/media/FI-mak4WYAM5DyL?format=jpg&name=large)
the code on the above snippet looks alright? no. You can reply signatures since both parameters on the messageHash/_to and _amount/ are in control of the user and there is nothing hidden/unique for the variable messageHash. when we study about Signature attacks we get to know that randomness, which is really a hot issue for the blockchain. since everything is transparent there is not true randomness here. and this core blockchain problem was a problem for signature verification too. With no randomness, how is that possible to make unique signature? looks impossible but there is a concept and also an implementation called "Oracle" with that you can feed datas, like price data, numbers and other. with a oracle this data comes from outside of blockchain. this fails blockchain from being decentralized ,huh? yes. but there is a way to make oracle network decentralized. soon we may get a chance to study possible vulnerablities when using oracle chains.
Wormhole bridge exploit(the second biggest ETH hack up to the date) was performed by malicious use of signatures.
Bonus: If you want to become good with solidity security, read the official solidity Documentation. that will help you a lot.
thanks
|
| Users browsing this thread: |
|
1 Guest(s)
|
