Not a member yet? Why not Sign up today
Create an account  

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Signature Reply Attack

#1
Photo 

Please login or register to view this content

Reply

#2
awesome
Reply

#3
(02-06-2023, 02:50 PM)_blockchainer_ Wrote: Signature vulnerablities on solidity are tricky to discover but attacker can make a devastating attack once discovered.
[Image: FI-mak4WYAM5DyL?format=jpg&name=large]

the code on the above snippet looks alright? no. You can reply signatures since both parameters on the messageHash/_to and _amount/ are in control of the user and there is nothing hidden/unique for the variable messageHash. when we study about Signature attacks we get to know that randomness, which is really a hot issue for the blockchain. since everything is transparent there is not true randomness here. and this core blockchain problem was a problem for signature verification too. With no randomness, how is that possible to make unique signature? looks impossible but there is a concept and also an implementation called "Oracle" with that you can feed datas, like price data, numbers and other. with a oracle this data comes from outside of blockchain. this fails blockchain from being decentralized ,huh? yes. but there is a way to make oracle network decentralized. soon we may get a chance to study possible vulnerablities when using oracle chains.



Wormhole bridge exploit(the second biggest ETH hack up to the date) was performed by malicious use of signatures.

Bonus: If you want to become good with solidity security, read the official solidity Documentation. that will help you a lot.


thanks
Reply



Forum Jump:


Users browsing this thread:
1 Guest(s)