Lucene search
K

31 matches found

Code423n4
Code423n4
added 2023/03/19 12:0 a.m.16 views

EVM Elliptic Curve Recovery Discrepancy

Lines of code Vulnerability details Impact The Ecrecover.yul file meant to simulate the ecrecover mechanism as executed by traditional ETH 1.0 consensus mechanisms is incorrect. In detail, it does not conform to the "Homestead" update which introduced an upper-bound check for s values of an r, s,...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/01/30 12:0 a.m.13 views

## [H-02] Return value of 0 from ecrecover not checked

Lines of code Vulnerability details Impact The solidity function ecrecover is used, however the error result of 0 is not checked for. See documentation: "recover the address associated with the public key from elliptic curve signature or return zero on error. " Now you can supply invalid input...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/12/21 12:0 a.m.15 views

incorrect message signer check in ecrecover() and no validation for oracleSigner which would cause all the unsigned messagess to be considered asvalid ones

Lines of code Vulnerability details Impact address oracleSigner has been used to verify signed messages by comparing the return value of ecrecover by oracleSigner. but the return value of ecrecover would be 0x0 and code doesn't check that return value is not 0x0. if owner set oracleSigner as 0x0 ...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/10/25 12:0 a.m.10 views

Holograph contracts can be deployed by any user successfully through user-crafted signature and signer input

Lines of code Vulnerability details Impact HolographFactory.deployHolographableContract deploys holographable smart contract by accepting config, signature and signer inputs. Due to user input signer passed by the caller, it is possible for signature verification to pass by using the known signer...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/08/06 12:0 a.m.13 views

No check if 'ecrecover()' fails

Lines of code Vulnerability details Impact addMember function makes a call to 'ecrecover' to grab the 'community owner' & 'new member'. The problem is that if 'ecrecover' fails it will return a 0 which is currently not guarded against. This was a problem in the famous Polygon Matic token bug. The...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/08/03 12:0 a.m.20 views

Direct usage of ecrecover allows signature malleability

Lines of code Vulnerability details Impact The permit function of ERC20Permit calls the Solidity ecrecover function directly to verify the given signatures. However, the ecrecover EVM opcode allows malleable non-unique signatures and thus is susceptible to replay attacks. This can leads to permit...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/01/05 12:0 a.m.23 views

lockWithPermit() function allows for replay attacks and signature malleability

Handle jayjonah8 Vulnerability details Impact In XDEFIDistribution.sol the lockWithPermit function calls permit on the XDEFI token. The problem with simply using permit alone for this is the message that is signed by the owner using the ECDSA algorithm. The message only contains the receiver...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/10/06 12:0 a.m.22 views

return value of 0 from ecrecover not checked

Handle gpersoon Vulnerability details Impact The solidity function ecrecover is used, however the error result of 0 is not checked for. See documentation: "recover the address associated with the public key from elliptic curve signature or return zero on error. " Now you can supply invalid input...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/10/06 12:0 a.m.14 views

Missing zero address check for ecrecover will validate invalid signatures

Handle 0xRajeev Vulnerability details Impact Solidity’s ecrecover returns 0 if signature is invalid. The Sig.sol library does not perform zero address check on ecrecover’s return value and returns it as-is. The validOrderHash function in Swivel which uses Sig.recover compares its return value...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/10/06 12:0 a.m.9 views

functions permit and permitAll can be tricked by an invalid signature

Handle pauliax Vulnerability details Impact When the signature is not valid, ecrecover returns empty 0x0 address. There is a potential check against that: require recoveredAddress != address0 && recoveredAddress == owner || isApprovedForAllownerrecoveredAddress, "INVALIDPERMITSIGNATURE" ; However...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/05/01 12:0 a.m.10 views

Beebots.TradeValid() Will Erroneously Return True When Maker Is Set To Address(0) and makerIds Are Set To The TokenIds of Unminted Beebot NFTs

Handle jvaqa Vulnerability details Impact Beebots.TradeValid Will Erroneously Return True When Maker Is Set To Address0 and makerIds Are Set To The TokenIds of Unminted Beebot NFTs Beebots.verify Returns True No Matter What Signature Is Given When Signer Is Set To address0. This means that...

6.8AI score
Exploits0
Rows per page
Query Builder