search
Active Boosts

57236 sc medium accesstoken collection front running attack permanent ownership hijack

Submitted on Oct 24th 2025 at 16:01:27 UTC by @failsafe_intern for Audit Comp | Belongarrow-up-right

  • Report ID: #57236

  • Report Type: Smart Contract

  • Report severity: Medium

  • Target: https://github.com/immunefi-team/audit-comp-belong/blob/main/contracts/v2/utils/SignatureVerifier.sol

  • Impacts:

    • Theft of unclaimed royalties

    • Unintended alteration of what the NFT represents (e.g. token URI, payload, artistic content)

hashtag
Description

hashtag
Vulnerability Overview

Factory.produce() validates AccessTokenInfo signatures but the signed message omits the intended creator/owner and includes no nonce or expiration. Any party with a valid signature can front-run the legitimate creator and deploy the collection under their own ownership, permanently blocking the rightful deployment due to deterministic salt collision.

hashtag
Root Cause

SignatureVerifier.sol:51-72 - checkAccessTokenInfo signature omits creator:

function checkAccessTokenInfo(address signer, AccessTokenInfo memory accessTokenInfo) external view {
    require(
        signer.isValidSignatureNow(
            keccak256(
                abi.encodePacked(
                    accessTokenInfo.metadata.name,
                    accessTokenInfo.metadata.symbol,
                    accessTokenInfo.contractURI,
                    accessTokenInfo.feeNumerator,
                    block.chainid
                )
            ),
            accessTokenInfo.signature
        ),
        InvalidSignature()
    );
}

Missing from hash: intended creator address, nonce, expiration timestamp.

Factory.sol:175-239 - produce sets creator = msg.sender after signature validation:

hashtag
Attack Flow

1

hashtag
Step

Attacker obtains a valid signature (mempool observation, leaked backend data, or social engineering) containing (name, symbol, contractURI, feeNumerator, chainid).

2

hashtag
Step

Attacker front-runs the legitimate creator transaction by calling Factory.produce() first.

3

hashtag
Step

Signature validation passes because only metadata/feeNumerator are checked (LINE 191).

4

hashtag
Step

Factory sets creator = msg.sender (LINE 228) — attacker address becomes collection owner.

5

hashtag
Step

Attacker's collection deployed to deterministic address based on keccak256(abi.encode(name, symbol)). Legitimate creator's transaction reverts with TokenAlreadyExists() (LINE 195).

6

hashtag
Step

Permanent hijack: Same (name, symbol) cannot be redeployed; brand is captured by attacker.

hashtag
Impact

Impact Category: Unintended alteration of what the NFT represents (e.g. token URI, payload, artistic content)

Operational Damage:

  • Complete ownership takeover: Attacker controls collection royalties, minting, metadata, and all creator functions

  • Brand capture: Legitimate creator permanently blocked from using their own collection name/symbol

  • Royalty theft: Attacker receives all secondary sale royalties intended for legitimate creator

  • Reputation damage: Fake collection under attacker control tarnishes brand

  • No recovery: Deterministic deployment prevents legitimate redeployment without contract upgrade

Business Impact:

  • Creators lose anticipated royalty revenue (potentially significant for popular collections)

  • Platform reputation damaged when creators discover collections hijacked

  • Backend signature credentials must be immediately rotated if compromised

  • Legal/customer support costs to resolve ownership disputes

hashtag
Link to Proof of Concept

https://gist.github.com/Joshua-Medvinsky/35c232c0b9da435fd072f742319671c0

hashtag
Proof of Concept

GitHub Gist POC: https://gist.github.com/Joshua-Medvinsky/35c232c0b9da435fd072f742319671c0

Test Results: ✅ 7/7 tests passed (front-running, permanent blocking, royalty theft demonstrated)

hashtag
Prerequisites

hashtag
Attack Execution

1

hashtag
Capture Valid Signature

2

hashtag
Front-Run with Higher Gas

3

hashtag
Verify Hijack

4

hashtag
Legitimate Creator Blocked

5

hashtag
Demonstrate Royalty Theft

hashtag
Expected vs Actual Behavior

Expected: Signature should authorize collection creation only for a specific creator address.

Actual: Signature authorizes collection creation for ANY caller, enabling first-come-first-served ownership race.

hashtag
Recommended Fix

hashtag
Immediate Fix (Contract Upgrade Required)

Modify checkAccessTokenInfo to include the intended creator in the signed payload:

Update Factory.produce to bind the signature to the caller:

Add nonce protection:

  • Add state variable in Factory:

  • Add nonce to AccessTokenInfo struct:

  • Include nonce in signature hash:

  • Validate and increment in produce():

Add expiration timestamp:

  • Add to AccessTokenInfo struct:

  • Validate in produce():

hashtag
Defense-in-Depth Recommendations

  1. Commit-Reveal Scheme: Creator commits to deployment before revealing signature

  2. Allowlist: Maintain on-chain registry of creator addresses authorized to deploy

  3. Two-Step Deployment: Creator registers intent on-chain before final deployment

  4. Backend Rate Limiting: Issue signatures only after verifying requester identity

  5. Signature Revocation: Backend maintains revocable signature registry

hashtag
References

  • Vulnerable Function: checkAccessTokenInfo (SignatureVerifier.sol:51-72)

  • Exploitable Function: produce (Factory.sol:175-239)

  • Ownership Assignment: AccessToken.initialize (AccessToken.sol:86-101)

  • Deterministic Salt: _metadataHash (Factory.sol:193)

Previous56867 sc medium signature collision caused counterfeit accesstoken collections with arbitrary name symbol uriNext57884 sc low staking tier manipulation via erc4626 shares slong

Was this helpful?