Replay attack possibility

[gundas]

Problem description
If the same address is a signer in multiple WalletSimple contract instances, an operation approval signature intended for one contract can be replayed on another WalletSimple contracts.

Cause
The WalletSimple contract address is not included in the operationHash calculation.

Sugested fix
Add address(this) to the operationHash calculation, e.g.:

var operationHash = sha3("ETHER", address(this), toAddress, value, data, expireTime, sequenceId);

[meisser]

Came here to report the same. :)

Btw: do you have an idea about the purpose of the "ETHER" string?

[gundas]

I copied it from the contract code without much thinking:) :
https://github.com/BitGo/eth-multisig-v2/blob/master/contracts/WalletSimple.sol#L130

I think the "ETHER" and "ERC20" strings are added to differentiate between Ether and token signatures. So that Ether transfer signature would not be used for ERC-20 transfer function and vice versa.