Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove Endian.reverse256 from Bitcoin Address Generation in _generateAddress Function #79

Open
hats-bug-reporter bot opened this issue Jul 9, 2024 · 1 comment
Open

Remove Endian.reverse256 from Bitcoin Address Generation in _generateAddress Function #79

hats-bug-reporter bot opened this issue Jul 9, 2024 · 1 comment
Labels
Invalid - lead auditor invalid This doesn't seem right

Comments

@hats-bug-reporter
Copy link

Github username: --
Twitter username: --
Submission hash (on-chain): 0x437dad457eb502b604e3ae7ec841f5cdc371a3ce25de6e513f7f81274563904b
Severity: medium

Description:
Description
The _generateAddress function in BitcoinAbstractWallet.sol includes an unnecessary call to Endian.reverse256 when calculating the checksum for a Bitcoin address. This can lead to incorrect checksum generation, potentially causing invalid Bitcoin addresses.This issue proposes removing the Endian.reverse256 call to simplify the checksum calculation and **align with standard Bitcoin address generation**(please check references attached below).

Attack Scenario
Describe how the vulnerability can be exploited.

Attachments

  1. Proof of Concept (PoC) File
function _generateAddress(bytes20 _dstHash, bytes1 _type) internal pure returns (bytes memory) {
    bytes memory addressData = bytes.concat(_dstHash);
    bytes32 checksum = bytes32(
        Endian.reverse256(
            uint256(BitcoinUtils.doubleSha256(abi.encodePacked(_type, addressData)))
        )
    );

    return abi.encodePacked(_type, addressData, bytes4(checksum));
}
  • The Endian.reverse256 function reverses the byte order of the checksum, which is not required for standard Bitcoin address generation.
  • This can result in an incorrect checksum, leading to invalid Bitcoin addresses.

References:

below is the Standard generation of checksum

https://en.bitcoin.it/wiki/Technical_background_of_version_1_Bitcoin_addresses#How_to_create_Bitcoin_Address:~:text=5%20%2D%20Perform%20SHA,c7f18fe8

https://bitcoin.stackexchange.com/questions/32353/how-do-i-check-the-checksum-of-a-bitcoin-address

https://www.freecodecamp.org/news/how-to-create-a-bitcoin-wallet-address-from-a-private-key-eca3ddd9c05f/#:~:text=Checksum,8%20hex%20digits).

  1. Revised Code File (Optional)
function _generateAddress(bytes20 _dstHash, bytes1 _type) internal pure returns (bytes memory) {
    bytes memory addressData = bytes.concat(_dstHash);
    bytes32 checksum = bytes32(
        BitcoinUtils.doubleSha256(abi.encodePacked(_type, addressData))
    );

    return abi.encodePacked(_type, addressData, bytes4(checksum));
}

the above _generateAddress() function with standard implementation
@hats-bug-reporter hats-bug-reporter bot added the bug Something isn't working label Jul 9, 2024
@party-for-illuminati party-for-illuminati added invalid This doesn't seem right and removed bug Something isn't working labels Jul 9, 2024
@party-for-illuminati
Copy link
Collaborator

illuminex-0x0bb4aa1f58719707405c231fcdf0b405714799cf/packages/contracts/contracts/illuminex/xengine/chains/btc/BitcoinUtils.sol

Line 216 in 3ad7c2a

function _doubleSha256(bytes memory data) internal pure returns (bytes32) {

We need to un-reverse it since doubleSha256 is reversing it

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Invalid - lead auditor invalid This doesn't seem right
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@rotcivegaf @party-for-illuminati