CVE-2021-21405

Lotus is an Implementation of the Filecoin protocol written in Go. BLS signature validation in lotus uses blst library method VerifyCompressed. This method accepts signatures in 2 forms: "serialized", and "compressed", meaning that BLS signatures can be provided as either of 2 unique byte arrays...

Design/Logic Flaw

Lotus is an Implementation of the Filecoin protocol written in Go. BLS signature validation in lotus uses blst library method VerifyCompressed. This method accepts signatures in 2 forms: "serialized", and "compressed", meaning that BLS signatures can be provided as either of 2 unique byte arrays...

CVE-2021-21405 BLS Signature "Malleability"

Lotus is an Implementation of the Filecoin protocol written in Go. BLS signature validation in lotus uses blst library method VerifyCompressed. This method accepts signatures in 2 forms: "serialized", and "compressed", meaning that BLS signatures can be provided as either of 2 unique byte arrays...

CVE-2021-21405

CVE-2021-21405 concerns Lotus, a Go implementation of the Filecoin protocol. The issue arises from BLS signature validation that uses the blst VerifyCompressed method, which accepts signatures in two forms: “serialized” and “compressed.” Because the block header CID embeds the BlockSig, Lotus pre...

PT-2021-14482 · Unknown +2 · Filecoin-Ffi +2

Name of the Vulnerable Software and Affected Versions: Lotus affected versions not specified Description: The issue concerns BLS signature validation in Lotus, which uses the blst library method VerifyCompressed. This method accepts signatures in two forms: serialized and compressed, allowing BLS...