Handle
0xito
Vulnerability details
Impact
If verifysig is called with the zero address as the _signer, any signature will be valid.
This is because ecrecover does not revert on wrong signatures but returns the zero address instead.
Proof of Concept
Tools Used
Recommended Mitigation Steps
Revert if the return value of ecrecover is the zero address.
Use OpenZeppelin's ecdsa.sol for further checks on signature verifications.
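The pattern reported above next to a hardened form, as an added Solidity example that is not the audited project's code. The contract name, function names, parameter list and error strings are assumptions; the low-s bound is the kind of further check that OpenZeppelin's ECDSA library applies.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration: names and signatures are hypothetical, not the audited contract.
contract SigCheckExample {
    // Upper bound for s (half the secp256k1 group order); rejecting larger
    // values removes the second, malleable encoding of each signature.
    uint256 private constant HALF_ORDER =
        0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0;

    // Vulnerable pattern: ecrecover returns address(0) for an invalid
    // signature instead of reverting, so with _signer == address(0) the
    // comparison below is true for malformed input.
    function verifySigUnsafe(
        address _signer,
        bytes32 _hash,
        uint8 _v,
        bytes32 _r,
        bytes32 _s
    ) public pure returns (bool) {
        return ecrecover(_hash, _v, _r, _s) == _signer;
    }

    // Hardened form: the zero address is rejected both as the expected
    // signer and as the recovered value, and high-s signatures are refused.
    function verifySigSafe(
        address _signer,
        bytes32 _hash,
        uint8 _v,
        bytes32 _r,
        bytes32 _s
    ) public pure returns (bool) {
        require(_signer != address(0), "signer is zero address");
        require(uint256(_s) <= HALF_ORDER, "invalid signature s value");

        address recovered = ecrecover(_hash, _v, _r, _s);
        require(recovered != address(0), "invalid signature");

        return recovered == _signer;
    }
}
```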