Submission Details
Severity: high
Valid

No return value check inside _validateSignature function

Summary

No return value check inside _validateSignature function

Vulnerability Details

After the arguments for the ECDSA.recover call are assembled and the call is made, its return value is never checked.

This call does not revert when the signature is invalid or when the signer cannot otherwise be recovered.
In those cases the zero address is returned.

The return value must therefore be examined carefully in order to actually validate the signature.

Impact

Because the signature is never actually validated, anyone can push a transaction through the account.

Tools Used

Manual review

Recommendations

Add proper signature validation: check the return value of the ECDSA recover call and compare the recovered signer against the expected address.
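The finding and the fix side by side, as an added illustration rather than the audited project's own code. The contract names, the `owner` field and the `bool` return are assumptions; it assumes OpenZeppelin v5, where `ECDSA.recover` reverts on a malformed signature but `tryRecover` and the raw `ecrecover` precompile return `address(0)`, so the hardened version handles both the zero-address case and the wrong-signer case.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {ECDSA} from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
import {MessageHashUtils} from "@openzeppelin/contracts/utils/cryptography/MessageHashUtils.sol";

// Hypothetical minimal account that reproduces the reported pattern.
contract VulnerableAccount {
    address public owner;

    constructor(address _owner) {
        owner = _owner;
    }

    // Vulnerable: the recovered signer is discarded and never compared to
    // anything, so any bytes passed as `signature` are accepted.
    function _validateSignature(bytes32 userOpHash, bytes calldata signature) internal view returns (bool) {
        bytes32 digest = MessageHashUtils.toEthSignedMessageHash(userOpHash);
        ECDSA.recover(digest, signature); // return value dropped
        return true;
    }
}

// Hardened: recover with tryRecover so a bad signature yields an error code
// instead of a revert, reject the zero address, and require the signer to
// be the account owner.
contract HardenedAccount {
    address public owner;

    constructor(address _owner) {
        owner = _owner;
    }

    function _validateSignature(bytes32 userOpHash, bytes calldata signature) internal view returns (bool) {
        bytes32 digest = MessageHashUtils.toEthSignedMessageHash(userOpHash);
        (address signer, ECDSA.RecoverError err, ) = ECDSA.tryRecover(digest, signature);
        // Malformed signature (bad length, bad s value, bad v) or zero-address signer: reject.
        if (err != ECDSA.RecoverError.NoError || signer == address(0)) {
            return false;
        }
        // The recovered signer must be the expected account owner.
        return signer == owner;
    }
}
```

In an ERC-4337 account the same check would feed the `validateUserOp` return value (0 for success, `SIG_VALIDATION_FAILED` otherwise) rather than a plain `bool`.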

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

ECDSA.recover should check against sender
