2023 Business CTF: Confidentiality

Challenge Information

Attribute    Details
Event        2023 Business CTF
Category     Blockchain
Challenge    Confidentiality
Difficulty   Medium

Summary

The Board of Arodor has implemented an NFT-based access control system called AccessTokens to restrict access to confidential documents. Only the general secretary can mint new AccessTokens directly, or through digitally-signed authorization documents. Your objective is to obtain an AccessToken by forging a valid signature or finding another exploitation path in the smart contract.


Analysis

The AccessToken contract implements:

  • ERC721 NFT standard for token creation
  • Owner-only minting via safeMint()
  • Signature-based minting via safeMintWithSignature()
  • A fixed approval hash: 0x4ed1c9f7e3813196653ad7c62857a519087860f86aff4bc7766c8af8756a72ba

The signature verification uses ECDSA recovery:

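function _verifySignature(bytes memory signature) internal view returns (bool) {
    // Split the raw signature bytes into its (v, r, s) components
    (uint8 v, bytes32 r, bytes32 s) = deconstructSignature(signature);
    // Recover the signing address for the fixed approvalHash
    address signer = ecrecover(approvalHash, v, r, s);
    // Accept only signatures that recover to the contract owner
    return signer == owner;
}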

The contract also tracks used signatures to prevent replay attacks with _isSignatureUsed().


Solution

The vulnerability lies in the ECDSA implementation. The challenge is to:

  1. Obtain the public key from the contract owner through the blockchain
  2. Find or forge a valid signature for the fixed approval hash
  3. Call safeMintWithSignature() with the crafted signature
  4. Ensure the signature hasn’t been used before

The signature must:

  • Be validly signed with the owner’s private key for the approval hash
  • Not already exist in the usedSignatures array
  • Properly decode into valid (v, r, s) components

Key Takeaways

  • ECDSA signature verification requires careful implementation
  • The fixed approval hash is a security weakness - consider using message hashing with nonces
  • Signature replay protection must be implemented correctly
  • NFT access control systems are only as secure as their signing mechanisms
  • Always use proper key management for authority functions
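
One way to apply the nonce and replay-protection takeaways, as an added example that is not the challenge contract or code from the original writeup: the signed digest is bound to a recipient, a nonce, the contract and the chain, and replay tracking is keyed on that digest instead of the signature bytes. The names HardenedMintAuth, approvalDigest, consumeApproval and usedDigests are hypothetical, and the contract covers only the authorization check, not the ERC721 logic.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example: hypothetical hardened authorization check, not the challenge contract.
contract HardenedMintAuth {
    address public immutable owner;
    // Replay protection is keyed on the signed digest, not on the signature bytes.
    mapping(bytes32 => bool) public usedDigests;

    // Upper bound for canonical "low-s" signatures: secp256k1 group order divided by 2.
    uint256 private constant HALF_N =
        0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0;

    constructor() {
        owner = msg.sender;
    }

    // Digest binds the approval to one recipient, one nonce, this contract and this chain.
    function approvalDigest(address to, uint256 nonce) public view returns (bytes32) {
        bytes32 inner = keccak256(abi.encode(block.chainid, address(this), to, nonce));
        return keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", inner));
    }

    // Succeeds once per (to, nonce) approval signed by the owner; reverts otherwise.
    function consumeApproval(address to, uint256 nonce, bytes calldata signature)
        external
        returns (bool)
    {
        require(signature.length == 65, "bad signature length");
        bytes32 r = bytes32(signature[0:32]);
        bytes32 s = bytes32(signature[32:64]);
        uint8 v = uint8(signature[64]);

        require(v == 27 || v == 28, "bad v");
        require(uint256(s) <= HALF_N, "non-canonical s");

        bytes32 digest = approvalDigest(to, nonce);
        require(!usedDigests[digest], "approval already used");

        address signer = ecrecover(digest, v, r, s);
        require(signer != address(0) && signer == owner, "not signed by owner");

        usedDigests[digest] = true;
        // A real token contract would mint to `to` at this point.
        return true;
    }
}
```

The explicit address(0) check matters because ecrecover returns the zero address for an invalid signature instead of reverting.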