First Flight #15: Mondrian Wallet

Beginner FriendlyFoundry
100 EXP
Submission Details
Severity: high
Valid

A flaw in `MondrianWallet::_validateSignature` allows malicious users to bypass signature verification of transactions, potentially resulting in the loss of user funds.

Updates

Lead Judging Commences

InAllHonesty Lead Judge 5 months ago
Submission Judgement Published
Validated
Assigned finding tags:

ECDSA.recover should check against sender

`_validateSignature` SHOULD return SIG_VALIDATION_FAILED (and not revert) on signature mismatch.

Support

FAQs

Can’t find an answer? Join our Discord or follow us on Twitter.