Submission Details
Severity:
Missing validation checks for v value in signature
Impact
The validation checks for v value in the signature is missing.
Description
The v value for the signature in the components, v, r & s should be either 27 or 28 which is the valid value, but the check for the same is missing in NativeMetaTransaction::verify() function
function verify(address signer, MetaTransaction memory metaTx, bytes32 sigR, bytes32 sigS, uint8 sigV)
internal
view
returns (bool)
{
// @audit - verify v value is within a valid range, require(v == 27 || v == 28);
require(signer != address(0), "NativeMetaTransaction: INVALID_SIGNER");
return signer == ecrecover(toTypedMessageHash(hashMetaTransaction(metaTx)), sigV, sigR, sigS);
}
Tools Used
Manual Review
Recommendation
Add the following require check for the v value.
function verify(address signer, MetaTransaction memory metaTx, bytes32 sigR, bytes32 sigS, uint8 sigV)
internal
view
returns (bool)
{
+ require(v == 27 || v == 28, "invalid v value in signature");
require(signer != address(0), "NativeMetaTransaction: INVALID_SIGNER");
return signer == ecrecover(toTypedMessageHash(hashMetaTransaction(metaTx)), sigV, sigR, sigS);
}
Prize pool breakdown
Total prize
15,000 USDC
nSLOC
54128 USDC / LOC
14,000 USDC
1,000 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.