[M-03] DoS Attack on Swapping via Permit2 Possible #1016
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
mrice32
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The SwapProxy contract contains the performSwap function, which enables the caller to execute a swap using several different ways: by approving or sending tokens to the specified exchange and by approving tokens through the Permit2 contract.
However, since it is possible to provide any address as the exchange parameter and any call data through the routerCalldata parameter of the performSwap function, the SwapProxy contract may be forced to perform an arbitrary call to arbitrary address.
This could be exploited by an attacker, who could force the SwapProxy contract to call the invalidateNonces function of the Permit2 contract, specifying any spender and a nonce higher than the current one. As a result, the nonce for a given (token, spender) pair will be updated. If the performSwap function is called again later, it will attempt to use a subsequent nonce, which has been invalidated by the attacker and the code inside Permit2 will revert due to nonces mismatch.
As the performSwap function is the only place where the nonce passed to the Permit2 contract is updated, the possibility of swapping a given token on a certain exchange will be blocked forever, which impacts all the functions of the SpokePoolPeriphery contract related to swapping tokens. The attack may be performed for many different (tokens, exchange) pairs.
Consider not allowing the exchange parameter to be equal to the Permit2 contract address.