Apr 19, 2023

Signature malleability for S

Code4rena
github.com
Tags: ethereum, signature malleability, contracts, replay attacks, fund loss, ecdsa, openzeppelin, malleable value

Lines of code

Vulnerability details

Impact

Ethereum contracts often assume that a signature is unique, but signatures can be altered without possession of the private key and still be valid. The EVM specification defines several so-called ‘precompiled’ contracts, one of them being ecrecover, which performs elliptic curve public key recovery. A malicious user can slightly modify the three values v, r and s to create other valid signatures. A system that performs signature verification at the contract level might be susceptible to attacks if the signature is part of the signed message hash. Valid signatures could be created by a malicious user to replay previously signed messages.
Resource: <https://swcregistry.io/docs/SWC-117>

This can lead to users losing funds or other unexpected behaviour.

Proof of Concept

Tools Used

Manual Review

Recommended Mitigation Steps

Use the ECDSA library from OpenZeppelin or add an additional check on s:

// secp256k1 group order n divided by two. Any s above this value is the
// "high" form of a signature whose "low" twin (r, n - s) is equally valid.
uint256 constant MALLEABLE_VALUE_S = 0x7fffffffffffffffffffffffffffffff5d576e7357a4501ddfe92f46681b20a0;

error InvalidS(); // custom error raised by the check below

// Reject the malleable (high) form of s before calling ecrecover.
if (uint256(s) > MALLEABLE_VALUE_S) {
    revert InvalidS();
}
