Credit to Liam Zebedee for finding this bug
The following if from Liam's email notifying us of the vulnerability:
Exploit mechanism: Re-entrancy attacks
If the ERC20.transferFrom call is re-entrant, meaning it will maliciously call back into the Subscription, it is possible to exploit some facts:
//increment the timestamp by the period so it wont be valid until then
nextValidTimestamp[subscriptionHash] = block.timestamp.add(periodSeconds);
This is executed before transferFrom - so a malicious actor (who specifically has engineered their own proxy contract to with a valid nonce/sig for re-entrant calls) can effectively extend their subscription period by periodSeconds every call. Infinite Netflix anyone?
Credit to Liam Zebedee for finding this bug
The following if from Liam's email notifying us of the vulnerability: