How to verify a signature in a wrong way — the AssociationNFT case
The root cause of the vulnerability is the incorrect use of signature verification. The contract fails to ensure that a signature can be used only by the intended user, and only once. As a result, an attacker can reuse a privileged user's signature and mint tokens to themselves.
We can see that in the verify function, the sender's address is not part of the signed message. Besides, there is no mechanism to include a nonce to ensure that the signature can only be used once. These security requirements are basic knowledge in any software security class.
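To make the two missing checks concrete, below is an added illustration written for this post; it is not the AssociationNFT contract and does not reproduce its code. The hypothetical `MintAuth` contract shows a replayable `verifyWeak` (the digest covers only the quantity, so any holder of a valid signature can submit it from their own address) beside a hardened `verifyStrong` that binds the signature to the contract, the chain, the recipient, and a per-recipient nonce that is consumed on use. The signer address, function names, and the simple balance map are assumptions for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical minting contract (added example, not the AssociationNFT code).
/// Contrasts a replayable signature check with one bound to the caller and a nonce.
contract MintAuth {
    address public immutable signer;                                  // privileged off-chain signer (assumed)
    mapping(address => uint256) public balances;                      // stand-in for real NFT accounting
    mapping(address => mapping(uint256 => bool)) public usedNonces;   // recipient => nonce => consumed

    constructor(address _signer) {
        signer = _signer;
    }

    // --- Vulnerable pattern: digest covers only the quantity ---
    // Nothing ties the signature to who submits it or how many times it is submitted,
    // so anyone who observes (quantity, sig) on-chain can replay it for themselves.
    function verifyWeak(uint256 quantity, bytes calldata sig) public view returns (bool) {
        bytes32 digest = keccak256(abi.encodePacked(quantity));
        return _recover(_ethSigned(digest), sig) == signer;
    }

    // --- Hardened pattern: digest binds contract, chain, recipient, quantity and nonce ---
    // abi.encode (not encodePacked) is used so adjacent fields cannot be re-split ambiguously.
    function verifyStrong(address recipient, uint256 quantity, uint256 nonce, bytes calldata sig)
        public view returns (bool)
    {
        bytes32 digest = keccak256(abi.encode(address(this), block.chainid, recipient, quantity, nonce));
        return _recover(_ethSigned(digest), sig) == signer;
    }

    /// Mint path using the hardened check. The recipient is always msg.sender, so a
    /// signature issued for one user cannot be presented by another, and the nonce is
    /// marked used before minting so the same signature cannot be replayed.
    function mint(uint256 quantity, uint256 nonce, bytes calldata sig) external {
        require(!usedNonces[msg.sender][nonce], "nonce already used");
        require(verifyStrong(msg.sender, quantity, nonce, sig), "invalid signature");
        usedNonces[msg.sender][nonce] = true;
        balances[msg.sender] += quantity;
    }

    // Standard EIP-191 prefix, so the digest matches what eth_sign / personal_sign produce.
    function _ethSigned(bytes32 h) internal pure returns (bytes32) {
        return keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", h));
    }

    // Recover the signer from a 65-byte (r, s, v) signature.
    function _recover(bytes32 h, bytes calldata sig) internal pure returns (address) {
        require(sig.length == 65, "bad signature length");
        bytes32 r;
        bytes32 s;
        uint8 v;
        assembly {
            r := calldataload(sig.offset)
            s := calldataload(add(sig.offset, 32))
            v := byte(0, calldataload(add(sig.offset, 64)))
        }
        if (v < 27) v += 27;
        // Reject high-s values: otherwise (r, n - s, v') is a second valid signature
        // for the same message, which would let a "used" signature be replayed in a
        // different byte form if uniqueness were ever keyed on the signature itself.
        require(
            uint256(s) <= 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0,
            "invalid s value"
        );
        address recovered = ecrecover(h, v, r, s);
        require(recovered != address(0), "ecrecover failed");
        return recovered;
    }
}
```

The key design choice is that `mint` never takes the recipient as a parameter: it uses `msg.sender`, so the off-chain signer commits to a specific address and the contract checks that the caller is that address. Including `address(this)` and `block.chainid` in the digest additionally stops a signature issued for one deployment or one chain from being replayed on another.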
We are surprised that such a vulnerability can exist in a popular NFT project. The whole community needs to pay more attention to the security of the contract.
The BlockSec Team focuses on the security of the blockchain ecosystem, and collaborates with leading DeFi projects to secure their products. The team was founded by top-notch security researchers and experienced experts from both academia and industry. The core founder of the team has been recognized with the Most Influential Scholar Award (Rank 4 from 2012–2021) in the field of security and privacy. They have published multiple blockchain security papers in prestigious conferences, reported several zero-day attacks on DeFi applications, and released detailed analysis reports of high-impact security incidents.