Deep Dive into High-Profile Crypto Exploits — Part II: NBA’s The Association

Background

To understand this exploit, here is a quick explanation of the relevant term:

  • ecrecover() — a Solidity function that allows smart contracts to validate that a message is properly signed by a specific address. The signature is computed off-chain and can be shared by the user as a “proof” for the smart contract that it was signed by an expected party.
    It is mainly used to log in to websites (like Opensea) or whitelist addresses in a presale without triggering a blockchain transaction.
    You can read more about it here.

The Attack — A High-level overview

The Association NFT Sale Contract — https://etherscan.io/address/0xdd5a649fc076886dfd4b9ad6acfc9b5eb882e83c#code

    function verify(vData memory info) public view returns (bool) {
        require(info.from != address(0), "INVALID_SIGNER");
        bytes memory cat =
            abi.encode(
                info.from,
                info.start,
                info.end,
                info.eth_price,
                info.dust_price,
                info.max_mint,
                info.mint_free
            );
        // console.log("data-->");
        // console.logBytes(cat);
        bytes32 hash = keccak256(cat);
        // console.log("hash ->");
        // console.logBytes32(hash);
        require(info.signature.length == 65, "Invalid signature length");
        bytes32 sigR;
        bytes32 sigS;
        uint8 sigV;
        bytes memory signature = info.signature;
        // ecrecover takes the signature parameters, and the only way to get them
        // currently is to use assembly.
        assembly {
            sigR := mload(add(signature, 0x20))
            sigS := mload(add(signature, 0x40))
            sigV := byte(0, mload(add(signature, 0x60)))
        }
        bytes32 data =
            keccak256(
                abi.encodePacked("\x19Ethereum Signed Message:\n32", hash)
            );
        address recovered = ecrecover(data, sigV, sigR, sigS);
        return signer == recovered;
    }

Note what verify() never checks: that the account submitting the transaction is the info.from address the signature was issued for. The signed payload is public, so a valid signature for one whitelisted address can be submitted by any other sender. The missing check is a single line that binds the signature to the caller:

    require(msg.sender == info.from, "The sender is not in the whitelist");

Prevention

This attack is a rather simple one and could have been carried out by nearly anyone with a basic understanding of Solidity.
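The following contract is an added illustration, not the code of The Association sale contract or of Solid Group, showing the ecrecover() flow from the Background section next to the sender-binding check that the Prevention section calls for. The contract and function names, the struct field types, and the mint() wrapper are assumptions for the example; only the verify() logic and the msg.sender check mirror what the post describes.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical contract for illustration; field types are assumed.
contract WhitelistSaleHardened {
    struct vData {
        address from;       // whitelisted buyer the off-chain signer approved
        uint256 start;      // sale window start (unix time)
        uint256 end;        // sale window end (unix time)
        uint256 eth_price;
        uint256 dust_price;
        uint256 max_mint;   // per-address cap approved by the signer
        bool mint_free;
        bytes signature;    // 65-byte r||s||v signature over the fields above
    }

    address public immutable signer;               // off-chain signing key
    mapping(address => uint256) public minted;     // per-address mint count

    constructor(address _signer) {
        require(_signer != address(0), "ZERO_SIGNER");
        signer = _signer;
    }

    // Recomputes the EIP-191 prefixed digest and recovers the signing address.
    // Returns address(0) for a malformed signature, which never equals signer.
    function _recover(vData memory info) internal pure returns (address) {
        require(info.signature.length == 65, "Invalid signature length");
        bytes32 hash = keccak256(
            abi.encode(
                info.from,
                info.start,
                info.end,
                info.eth_price,
                info.dust_price,
                info.max_mint,
                info.mint_free
            )
        );
        bytes32 data = keccak256(
            abi.encodePacked("\x19Ethereum Signed Message:\n32", hash)
        );
        bytes memory sig = info.signature;
        bytes32 r;
        bytes32 s;
        uint8 v;
        assembly {
            r := mload(add(sig, 0x20))
            s := mload(add(sig, 0x40))
            v := byte(0, mload(add(sig, 0x60)))
        }
        return ecrecover(data, v, r, s);
    }

    // Same checks as the original verify(), plus the one that was missing:
    // the signed payload must belong to the account sending the transaction,
    // so a publicly visible signature issued for one address is useless to any
    // other sender.
    function verify(vData memory info) public view returns (bool) {
        require(info.from != address(0), "INVALID_SIGNER");
        require(msg.sender == info.from, "The sender is not in the whitelist");
        return signer == _recover(info);
    }

    // Example caller that enforces the signed limits on top of verify().
    function mint(vData memory info, uint256 amount) external payable {
        require(verify(info), "BAD_SIGNATURE");
        require(
            block.timestamp >= info.start && block.timestamp <= info.end,
            "OUTSIDE_SALE_WINDOW"
        );
        require(minted[msg.sender] + amount <= info.max_mint, "MAX_MINT");
        uint256 unitPrice = info.mint_free ? 0 : info.eth_price;
        require(msg.value == unitPrice * amount, "WRONG_PAYMENT");
        minted[msg.sender] += amount;
        // token issuance would go here
    }
}
```

The important line is the msg.sender comparison inside verify(): the signature still proves that the approved signer produced the payload, but only the address named in that payload can spend it. Because info.from is part of the hashed data, an attacker who changes it to their own address invalidates the signature, so the two checks together close the gap.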

Summary

The main lesson here is to understand how signatures in Solidity work and that they are publicly available to everyone: any user can submit a signature to the smart contract. Therefore, the verification of the signature must be done in the smart contract itself.

About Solid Group

Solid Group is a blockchain consulting and auditing service provider founded by cybersecurity experts with a great passion for the cryptocurrency world. We are known for our exceptional out-of-the-box thinking, experience, and our credibility among the community. Throughout our work, our team has discovered many high-severity issues and vulnerabilities. We work with leading companies in the field, helping them increase their resilience through tailored services and solutions.

  • audited token generator (generate your own token with NO CODING KNOWLEDGE)
  • sniper bot protection tool
  • Smart contract auditing service
