2 matches found
Lack of Event Signature Verification
Lines of code Vulnerability details Impact The functions submitExchangeRateData, submitSDPrice, and submitValidatorStats emit events without verifying the signature of the calling contract. Malicious contracts can exploit this by emitting events with misleading information, potentially deceiving...
## [H-02] Return value of 0 from ecrecover not checked
Lines of code Vulnerability details Impact The solidity function ecrecover is used, however the error result of 0 is not checked for. See documentation: "recover the address associated with the public key from elliptic curve signature or return zero on error. " Now you can supply invalid input...