🔏Reusing EIP-712 Signatures in Private Sales

One type of vulnerability that can arise in smart contracts involving off-chain signatures is the risk of signature reuse, particularly in the context of private sales. EIP-712 is a widely used standard for hashing and signing structured data, enabling efficient off-chain signature verification. However, without proper nonce or state management, these signatures can be exploited, leading to unintended actions such as unauthorized or repeat purchases. This section will focus on the vulnerability type where EIP-712 signatures are reused maliciously, leading to significant financial or asset loss.

How the Vulnerability Works

When EIP-712 is used in private sales or transaction authorizations, the signed data typically includes relevant information such as the buyer, seller, asset ID, sale price, and expiration date. Once signed by the seller, the buyer can submit the signature to the smart contract to execute the transaction. This process allows for trustless and decentralized transactions, but without proper protections, the signature can be used more than once under certain conditions.

Scenario Overview:

1. Original Sale: The seller generates an EIP-712 signature, allowing the buyer to purchase an NFT or other asset. The buyer provides the signature to the contract, the transaction is validated, and the sale goes through.

2. Re-acquisition by Seller: If the seller repurchases or regains ownership of the NFT, the original buyer can reuse the EIP-712 signature, allowing them to buy back the NFT again without needing a new signature from the seller.

3. Exploitation: The original buyer uses the same signature to reacquire the NFT at the original price, potentially exploiting any price appreciation in the meantime.

Example:

• Step 1: Joe, the NFT seller, signs a transaction allowing Rachel to purchase an NFT.

• Step 2: Rachel submits the signed transaction to the smart contract and purchases the NFT.

• Step 3: Joe buys back the NFT at a later time.

• Step 4: Rachel reuses the old EIP-712 signature to buy back the NFT at the original price, even if the NFT's value has increased significantly.

This vulnerability stems from the fact that there are no checks to prevent signature reuse in such scenarios, leaving the contract open to exploitation.

Why This Happens:

The main issue here is the lack of nonce or state tracking for the EIP-712 signature. Nonce values are typically used in smart contracts to ensure that each transaction is unique and cannot be replayed in different contexts. Without the use of a nonce, signatures can remain valid across multiple transactions, allowing for malicious reuse.

In addition, some smart contracts fail to track changes in asset ownership after a sale, meaning that the same conditions (such as the buyer and seller relationship) are assumed to be valid long after the initial sale has taken place.

Mitigation Strategies:

1. Nonce Management:

   • The simplest and most effective way to prevent signature reuse is to include a nonce when generating the EIP-712 signature. This nonce can be incremented after each transaction, ensuring that a signature can only be used once.

   • Example: Every time an NFT is sold, the contract assigns a new nonce to the sale, and the buyer must include this nonce when submitting their purchase. After the transaction, the nonce is invalidated, preventing the signature from being reused.