Headline

CVE-2023-23940: Add finalize_keccak to is_valid_eth_signature by andrew-fleming · Pull Request #542 · OpenZeppelin/cairo-contracts

OpenZeppelin Contracts for Cairo is a library for secure smart contract development written in Cairo for StarkNet, a decentralized ZK Rollup. is_valid_eth_signature is missing a call to finalize_keccak after calling verify_eth_signature. As a result, any contract using is_valid_eth_signature from the account library (such as the EthAccount preset) is vulnerable to a malicious sequencer. Specifically, the malicious sequencer would be able to bypass signature validation to impersonate an instance of these accounts. The issue has been patched in 0.6.1.

CVE

@@ -18,7 +18,10 @@ from starkware.starknet.common.syscalls import ( get_contract_address, get_tx_info ) from starkware.cairo.common.cairo_secp.signature import verify_eth_signature_uint256 from starkware.cairo.common.cairo_secp.signature import ( finalize_keccak, verify_eth_signature_uint256 ) from openzeppelin.utils.constants.library import ( IACCOUNT_ID, IERC165_ID, @@ -157,13 +160,16 @@ namespace Account { let (high, low) = split_felt(hash); let msg_hash: Uint256 = Uint256(low=low, high=high);
let (local keccak_ptr: felt*) = alloc(); let (keccak_ptr: felt*) = alloc(); local keccak_ptr_start: felt* = keccak_ptr;
with keccak_ptr { verify_eth_signature_uint256( msg_hash=msg_hash, r=sig_r, s=sig_s, v=sig_v, eth_address=_public_key ); } // Required to ensure sequencers cannot spoof validation check. finalize_keccak(keccak_ptr_start=keccak_ptr_start, keccak_ptr_end=keccak_ptr);
return (is_valid=TRUE); }
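Review bot: in the second hunk, `finalize_keccak(keccak_ptr_start=keccak_ptr_start, keccak_ptr_end=keccak_ptr)` is placed after the `with keccak_ptr { ... }` block and relies on `with` rebinding `keccak_ptr` to the advanced pointer on exit; that is correct, but the comment `// Required to ensure sequencers cannot spoof validation check.` should state why: the keccak outputs consumed inside `verify_eth_signature_uint256` come from hints, and only `finalize_keccak` constrains every (input, output) pair between `keccak_ptr_start` and the end pointer, so a sequencer that forges them is caught here and nowhere else. Worth documenting in the same place: `return (is_valid=TRUE);` is unconditional, so this function reports an invalid signature by failing inside `verify_eth_signature_uint256` (reverting the transaction) rather than by returning FALSE, and callers that compare the result against FALSE should know it never takes that value.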

Related news

GHSA-626q-v9j4-mcp4: OpenZeppelin Contracts contains Improper Verification of Cryptographic Signature

### Cause

`is_valid_eth_signature` is missing a call to `finalize_keccak` after calling `verify_eth_signature`.

### Impact

As a result, any contract using `is_valid_eth_signature` from the account library (such as the `EthAccount` preset) is vulnerable to a malicious sequencer. Specifically, the malicious sequencer would be able to bypass signature validation to impersonate an instance of these accounts.

### Risk

Exploiting this vulnerability requires control of a sequencer or prover, since those are the parties executing the hints and therefore able to inject incorrect keccak results. Today StarkWare is the only party running either a prover or a sequencer, which greatly reduces the risk of exploitation.

### Patches

The issue has been patched in 0.6.1.

### For more information

If you have any questions or comments about this advisory:

* Open an issue in [the Contracts for Cairo repository](https://github.com/OpenZeppelin/cairo-contracts/issues/new/choose)
* Email us at [security@openzepp...
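To make the failure mode concrete for both the CVE description above and the Cause/Impact/Risk sections of this advisory, the following Python model is an added example and is not code from OpenZeppelin or from this page. It mirrors the shape of the account check (recover the secp256k1 key from the signature, hash it through a keccak whose result the sequencer supplies as a hint, compare the low 20 bytes to the stored address) and shows why a forged hint passes when `finalize_keccak` is skipped and fails when it runs. Assumptions: hashlib's SHA3-256 stands in for Ethereum's Keccak-256, a textbook ECDSA sign/recover with a fixed nonce replaces Cairo's `verify_eth_signature_uint256`, the `KeccakHints` class and `finalize_keccak` function only model the `keccak_ptr` mechanism, and the keys, message and `FORGED_ORACLE` are constructed for the demonstration.

```python
import hashlib

# secp256k1 domain parameters (real curve constants).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def _add(a, b):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def _mul(k, pt):
    acc = None
    while k:
        if k & 1:
            acc = _add(acc, pt)
        pt = _add(pt, pt)
        k >>= 1
    return acc


def keccak(data):
    # Stand-in: hashlib ships SHA3-256, not Ethereum's Keccak-256 (different padding).
    # The hint/finalize logic below does not depend on which hash is used.
    return hashlib.sha3_256(data).digest()


def eth_address(priv):
    x, y = _mul(priv, G)
    return keccak(x.to_bytes(32, "big") + y.to_bytes(32, "big"))[-20:]


def sign(z, priv, k):
    """Textbook ECDSA with a caller-supplied nonce k; returns (r, s, v)."""
    rx, ry = _mul(k, G)
    r = rx % N
    s = pow(k, -1, N) * (z + r * priv) % N
    return r, s, ry & 1


def recover(z, r, s, v):
    """Public-key recovery: Q = r^-1 * (s*R - z*G), with R fixed by the parity bit v."""
    y = pow((pow(r, 3, P) + 7) % P, (P + 1) // 4, P)   # valid because P % 4 == 3
    if y & 1 != v:
        y = P - y
    r_inv = pow(r, -1, N)
    return _add(_mul(s * r_inv % N, (r, y)), _mul(-z * r_inv % N, G))


class KeccakHints:
    """Models Cairo's keccak_ptr: each result is *claimed* by the sequencer's hint and
    merely recorded; nothing checks it until finalize_keccak runs."""

    def __init__(self, oracle):
        self.oracle = oracle    # whatever the (possibly malicious) sequencer returns
        self.trace = []         # (input, claimed_output) pairs, like the keccak_ptr segment

    def keccak(self, data):
        out = self.oracle(data)
        self.trace.append((data, out))
        return out


def finalize_keccak(hints):
    """Recompute every recorded keccak and reject the run if any hint lied."""
    for data, claimed in hints.trace:
        if keccak(data) != claimed:
            raise AssertionError("keccak hint mismatch")


def is_valid_eth_signature(z, r, s, v, address, hints, finalize):
    """Model of the account check. finalize=False reproduces the missing call (0.6.0);
    finalize=True is the patched behaviour (0.6.1)."""
    x, y = recover(z, r, s, v)
    if hints.keccak(x.to_bytes(32, "big") + y.to_bytes(32, "big"))[-20:] != address:
        raise AssertionError("recovered key does not match eth_address")
    if finalize:
        finalize_keccak(hints)
    return True


def outcome(signer_priv, victim_priv, sequencer_oracle, finalize):
    """'accepted' or 'rejected' for signer_priv's signature over a constructed message,
    checked against victim_priv's address under the given sequencer behaviour."""
    z = int.from_bytes(keccak(b"constructed message"), "big") % N
    r, s, v = sign(z, signer_priv, k=0x5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A)
    try:
        is_valid_eth_signature(z, r, s, v, eth_address(victim_priv),
                               KeccakHints(sequencer_oracle), finalize)
        return "accepted"
    except AssertionError:
        return "rejected"


# Constructed keys: the account owner and an attacker holding a different key.
VICTIM = 0x1111111111111111111111111111111111111111111111111111111111111111
ATTACKER = 0x2222222222222222222222222222222222222222222222222222222222222222
# A malicious sequencer answers every keccak query with a digest that ends in the victim's address.
FORGED_ORACLE = lambda data: b"\x00" * 12 + eth_address(VICTIM)

if __name__ == "__main__":
    print("honest hints, attacker sig, no finalize :", outcome(ATTACKER, VICTIM, keccak, False))
    print("forged hints, attacker sig, no finalize :", outcome(ATTACKER, VICTIM, FORGED_ORACLE, False))
    print("forged hints, attacker sig, finalize    :", outcome(ATTACKER, VICTIM, FORGED_ORACLE, True))
    print("honest hints, owner sig, finalize       :", outcome(VICTIM, VICTIM, keccak, True))
```

The second case is the vulnerability: the forged hint makes the attacker's recovered key "hash" to the owner's address and nothing ever recomputes it. The third case is the patch: the same forged trace is replayed through `finalize_keccak`, which recomputes each entry and fails. An honest sequencer rejects the attacker in the first case even without `finalize_keccak`, which is why the advisory's Risk section limits the exposure to parties that run the hints.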
