Omniscia Kyber Network Audit
PancakeSwapInfinityKEMHook Manual Review Findings
PVK-01M: Overlap of Signature Digests
| Type | Severity | Location |
|---|---|---|
| Logical Fault | | PancakeSwapInfinityKEMHook.sol:L124-L135 |
Description:
The PancakeSwap variant of the Uniswap KEM implementation reuses the same signature payload layout during swap operations.
As the signature payload hash does not incorporate contextual variables such as the contract address and is not prefixed with a domain separator, the same signature can be reused across implementations.
Impact:
Signature payloads for the same swap configuration can be reused at least once for the same nonce across implementations.
Example:
```solidity
bytes32 digest = keccak256(
    abi.encode(
        sender,
        key,
        params.zeroForOne,
        maxAmountIn,
        maxExchangeRate,
        exchangeRateDenom,
        nonce,
        expiryTime
    )
);
require(
    SignatureChecker.isValidSignatureNow(quoteSigner, digest, signature), InvalidSignature()
);
```
Recommendation:
We advise the signature payload to be prefixed with a unique identifier per KEM implementation, preventing the behaviour specified.
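The following is an added example, not code from the audited contract or from Kyber Network: it places the context-free digest shape flagged above beside an EIP-712 style digest bound to the chain id and the deploying contract. The `PoolKey` layout, the domain name and version string, and the `Quote` type string are constructed for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added example: same quote fields hashed without and with a domain separator.
/// PoolKey is a simplified stand-in for the real PancakeSwap structure.
contract DomainBoundQuoteDigest {
    struct PoolKey { address currency0; address currency1; uint24 fee; }

    // EIP-712 type hashes (constructed for this example)
    bytes32 private constant EIP712_DOMAIN_TYPEHASH = keccak256(
        "EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)"
    );
    bytes32 private constant QUOTE_TYPEHASH = keccak256(
        "Quote(address sender,bytes32 poolKeyHash,bool zeroForOne,uint256 maxAmountIn,"
        "uint256 maxExchangeRate,uint256 exchangeRateDenom,uint256 nonce,uint256 expiryTime)"
    );

    /// Digest shape as audited: any contract hashing the same PoolKey and quote
    /// parameters obtains the same digest, so one signature satisfies all of them.
    function unboundDigest(address sender, PoolKey memory key, bool zeroForOne, uint256 maxAmountIn,
        uint256 maxExchangeRate, uint256 exchangeRateDenom, uint256 nonce, uint256 expiryTime)
        public pure returns (bytes32)
    {
        return keccak256(abi.encode(sender, key, zeroForOne, maxAmountIn, maxExchangeRate,
            exchangeRateDenom, nonce, expiryTime));
    }

    /// Domain separator: unique per chain and per deployed verifying contract.
    function domainSeparator() public view returns (bytes32) {
        return keccak256(abi.encode(EIP712_DOMAIN_TYPEHASH, keccak256("PancakeSwapInfinityKEMHook"),
            keccak256("1"), block.chainid, address(this)));
    }

    /// Hardened digest: typed struct hash prefixed with "\x19\x01" and the domain
    /// separator, so a quote signed for one deployment fails verification elsewhere.
    function boundDigest(address sender, PoolKey memory key, bool zeroForOne, uint256 maxAmountIn,
        uint256 maxExchangeRate, uint256 exchangeRateDenom, uint256 nonce, uint256 expiryTime)
        public view returns (bytes32)
    {
        bytes32 structHash = keccak256(abi.encode(QUOTE_TYPEHASH, sender, keccak256(abi.encode(key)),
            zeroForOne, maxAmountIn, maxExchangeRate, exchangeRateDenom, nonce, expiryTime));
        return keccak256(abi.encodePacked("\x19\x01", domainSeparator(), structHash));
    }
}
```

Deploying the contract twice and calling `boundDigest` with identical arguments returns two different values, whereas `unboundDigest` returns the same value from both deployments.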
Alleviation:
The Kyber Network team evaluated this exhibit and opted to acknowledge it, as they do not consider it to be a vulnerability due to the difference in the PoolKey structures between the Uniswap and PancakeSwap projects.
Specifically, the PancakeSwap data structure contains a single extraneous variable, rendering digests unique for the same configurations across the two projects.
Nevertheless, we advised the PancakeSwap team to implement proper domains for each project, which they opted to acknowledge due to the aforementioned difference between the data types. As such, we consider this exhibit safely acknowledged.
