We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
JMukesh
due to lack of checking of v and s value in recover() it become prone to signature malleability
check out the tryRecover() of ECDSA.sol
https://github.com/OpenZeppelin/openzeppelin-contracts/blob/aefcb3e8aa4ee8da8e2b7022ffe4dcb57fbb0fdf/contracts/utils/cryptography/ECDSA.sol#L147
manual reveiw
add necessary check to make the signature unique
The text was updated successfully, but these errors were encountered:
JMukesh issue #43
2c35895
Duplicate of #61, #43
Sorry, something went wrong.
ecrecover
Duplicate of #61
No branches or pull requests
Handle
JMukesh
Vulnerability details
Impact
due to lack of checking of v and s value in recover() it become prone to signature malleability
Proof of Concept
check out the tryRecover() of ECDSA.sol
https://github.com/OpenZeppelin/openzeppelin-contracts/blob/aefcb3e8aa4ee8da8e2b7022ffe4dcb57fbb0fdf/contracts/utils/cryptography/ECDSA.sol#L147
Tools Used
manual reveiw
Recommended Mitigation Steps
add necessary check to make the signature unique
The text was updated successfully, but these errors were encountered: