Vyper Does Not Check the Success of Certain Precompile Calls

Summary When the Vyper Compiler uses the precompiles EcRecover 0x1 and Identity 0x4, the success flag of the call is not checked. As a consequence an attacker can provide a specific amount of gas to make these calls fail but let the overall execution continue. Then the execution result can be...

Signature malleability can occur by using EVM's ecrecover

Lines of code Vulnerability details Impact EVM's ecrecover is susceptible to signature malleability which allows replay attacks, check this. Proof of Concept OffChainSignatureValidator in its function isValidSignature checks for signature validity by using vulnerable method of ecrecover. address...

CVE-2023-37902

Vyper is a Pythonic programming language that targets the Ethereum Virtual Machine EVM. Prior to version 0.3.10, the ecrecover precompile does not fill the output buffer if the signature does not verify. However, the ecrecover builtin will still return whatever is at memory location 0. This means...

PYSEC-2023-133

Vyper is a Pythonic programming language that targets the Ethereum Virtual Machine EVM. Prior to version 0.3.10, the ecrecover precompile does not fill the output buffer if the signature does not verify. However, the ecrecover builtin will still return whatever is at memory location 0. This means...

Design/Logic Flaw

Vyper is a Pythonic programming language that targets the Ethereum Virtual Machine EVM. Prior to version 0.3.10, the ecrecover precompile does not fill the output buffer if the signature does not verify. However, the ecrecover builtin will still return whatever is at memory location 0. This means...

CVE-2023-37902 Vyper's ecrecover can return undefined data if signature does not verify

Vyper is a Pythonic programming language that targets the Ethereum Virtual Machine EVM. Prior to version 0.3.10, the ecrecover precompile does not fill the output buffer if the signature does not verify. However, the ecrecover builtin will still return whatever is at memory location 0. This means...

ecrecover can return undefined data if signature does not verify

Impact the ecrecover precompile does not fill the output buffer if the signature does not verify, see https://github.com/ethereum/go-ethereum/blob/b058cf454b3bdc7e770e2b3cec83a0bcb48f55ee/core/vm/contracts.goL188. however, the ecrecover builtin will still return whatever is at memory location 0...

ecrecover function is vulnerable to signature malleability

Lines of code Vulnerability details Impact Signature malleability potential exists which can be carried out by malicious actor to have two or more signatures that recover signer of same message. ecrecover function can be used to recover address by having signature and signed message hash to which...

EVM Elliptic Curve Recovery Discrepancy

Lines of code Vulnerability details Impact The Ecrecover.yul file meant to simulate the ecrecover mechanism as executed by traditional ETH 1.0 consensus mechanisms is incorrect. In detail, it does not conform to the "Homestead" update which introduced an upper-bound check for s values of an r, s,...

Holograph contracts can be deployed by any user successfully through user-crafted signature and signer input

Lines of code Vulnerability details Impact HolographFactory.deployHolographableContract deploys holographable smart contract by accepting config, signature and signer inputs. Due to user input signer passed by the caller, it is possible for signature verification to pass by using the known signer...

Direct usage of ecrecover allows signature malleability

Lines of code Vulnerability details Impact The permit function of ERC20Permit calls the Solidity ecrecover function directly to verify the given signatures. However, the ecrecover EVM opcode allows malleable non-unique signatures and thus is susceptible to replay attacks. This can leads to permit...

Missing zero address check for ecrecover will validate invalid signatures

Handle 0xRajeev Vulnerability details Impact Solidity’s ecrecover returns 0 if signature is invalid. The Sig.sol library does not perform zero address check on ecrecover’s return value and returns it as-is. The validOrderHash function in Swivel which uses Sig.recover compares its return value...

return value of 0 from ecrecover not checked

Handle gpersoon Vulnerability details Impact The solidity function ecrecover is used, however the error result of 0 is not checked for. See documentation: "recover the address associated with the public key from elliptic curve signature or return zero on error. " Now you can supply invalid input...

functions permit and permitAll can be tricked by an invalid signature

Handle pauliax Vulnerability details Impact When the signature is not valid, ecrecover returns empty 0x0 address. There is a potential check against that: require recoveredAddress != address0 && recoveredAddress == owner || isApprovedForAllownerrecoveredAddress, "INVALIDPERMITSIGNATURE" ; However...

Beebots.TradeValid() Will Erroneously Return True When Maker Is Set To Address(0) and makerIds Are Set To The TokenIds of Unminted Beebot NFTs

Handle jvaqa Vulnerability details Impact Beebots.TradeValid Will Erroneously Return True When Maker Is Set To Address0 and makerIds Are Set To The TokenIds of Unminted Beebot NFTs Beebots.verify Returns True No Matter What Signature Is Given When Signer Is Set To address0. This means that...