incorrect message signer check in ecrecover() and no validation for oracleSigner which would cause all the unsigned messagess to be considered asvalid ones
Lines of code Vulnerability details Impact address oracleSigner has been used to verify signed messages by comparing the return value of ecrecover by oracleSigner. but the return value of ecrecover would be 0x0 and code doesn't check that return value is not 0x0. if owner set oracleSigner as 0x0 ...