First Flight #15: Mondrian Wallet

Beginner FriendlyFoundry
100 EXP
Submission Details
Severity: high
Valid

Anyone Can Use the Contract Because `MondrianWallet::_validateSignature` Does Not Check The Signer Address

Updates

Lead Judging Commences

InAllHonesty Lead Judge 5 months ago
Submission Judgement Published
Validated
Assigned finding tags:

ECDSA.recover should check against sender

`_validateSignature` SHOULD return SIG_VALIDATION_FAILED (and not revert) on signature mismatch.

Support

FAQs

Can’t find an answer? Join our Discord or follow us on Twitter.