In the contract, Eva can reuse a valid signature of Alice’s because the verification doesn’t involve the transaction sender’s address, nonce or anything particular to a user and a transaction.

The whitelist users are supposed to call the mint_approved function to mint the NFT.

This function accepts three parameters:

• info, a struct contains an address from and the signature to verify.

     struct vData {
          bool mint_free;
          uint256 max_mint;
          address from;
          uint256 start;
          uint256 end;
          uint256 eth_price;
          uint256 dust_price;
          bytes signature;
      }
  

• number_of_items_requested, the number of tokens to mint. In fact, there is no limit for whitelist users. You can mint as much as you want to.

• _batchNumber, in the whitelist sale, should be 0.

Now let’s see how the signature is verified. The verification is quite straightforward.

We need to focus on the input of the signature verification.

By tracking the dataflow of data <- hash <- cat <- info, we can see that the signature uses a from address and some common data. However, the from address in the calldata is arbitrary. So anyone can copy the whole of calldata from a valid transaction and pass the signature verification to mint tokens.

As I mentioned above, there is no limit on the number of tokens to mint. Simply changing to number_of_items_requested allows you to mint any number of tokens.

https://blocksecteam.medium.com/how-to-verify-a-signature-in-a-wrong-way-the-associationnft-case-5a913e9b8a1d

In the contract, Eva can reuse a valid signature of Alice’s because the verification doesn’t involve the transaction sender’s address, nonce or anything particular to a user and a transaction.

The whitelist users are supposed to call the mint_approved function to mint the NFT.

This function accepts three parameters:

• info, a struct contains an address from and the signature to verify.

     struct vData {
          bool mint_free;
          uint256 max_mint;
          address from;
          uint256 start;
          uint256 end;
          uint256 eth_price;
          uint256 dust_price;
          bytes signature;
      }
  

• number_of_items_requested, the number of tokens to mint. In fact, there is no limit for whitelist users. You can mint as much as you want to.

• _batchNumber, in the whitelist sale, should be 0.

Now let’s see how the signature is verified. The verification is quite straightforward.

We need to focus on the input of the signature verification.

By tracking the dataflow of data <- hash <- cat <- info, we can see that the signature uses a from address and some common data. However, the from address in the calldata is arbitrary. So anyone can copy the whole of calldata from a valid transaction and pass the signature verification to mint tokens.

As I mentioned above, there is no limit on the number of tokens to mint. Simply changing to number_of_items_requested allows you to mint any number of tokens.

https://blocksecteam.medium.com/how-to-verify-a-signature-in-a-wrong-way-the-associationnft-case-5a913e9b8a1d