Use of ecrecover is susceptible to signature malleability #117
Labels: 1 (Low Risk) (Assets are not at risk. State handling, function incorrect as to spec, issues with comments), bug (Something isn't working)
Handle: defsec
Vulnerability details
Impact
The ecrecover function is used in permit() to recover the address from the signature. The built-in EVM precompile ecrecover is susceptible to signature malleability which could lead to replay attacks (references: https://swcregistry.io/docs/SWC-117, https://swcregistry.io/docs/SWC-121 and https://medium.com/cryptronics/signature-replay-vulnerabilities-in-smart-contracts-3b6f7596df57).
Proof of Concept
https://github.com/code-423n4/2021-11-streaming/blob/main/Streaming/src/LockeERC20.sol#L156
Tools Used
None
Recommended Mitigation Steps
Consider using OpenZeppelin’s ECDSA library (which prevents this malleability) instead of the built-in function.
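The following contract is an added illustration, not code from LockeERC20.sol or the Streaming project. It places a permit() that calls the raw ecrecover precompile next to one that goes through OpenZeppelin's ECDSA.recover, and spells out the same checks by hand for code that cannot take the dependency. The contract name, typehash, domain fields and error strings are assumptions chosen for the example; the EIP-712 layout is the standard EIP-2612 one. The canonical-s check guarantees that only one (v, r, s) encoding of a given signature is accepted, while the nonce consumed in _digest guarantees that each signed message is usable once; a permit needs both.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example (not the project's code): minimal EIP-2612-style permit() showing
// the raw-ecrecover pattern beside the hardened one.
import "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";

contract PermitExample {
    // Typehash and domain fields are assumptions for this example.
    bytes32 public constant PERMIT_TYPEHASH = keccak256(
        "Permit(address owner,address spender,uint256 value,uint256 nonce,uint256 deadline)"
    );
    bytes32 public immutable DOMAIN_SEPARATOR;

    mapping(address => uint256) public nonces;
    mapping(address => mapping(address => uint256)) public allowance;

    // secp256k1 group order n divided by 2: any s above this bound has a twin n - s
    // that verifies for the same message and the same signer.
    uint256 private constant HALF_ORDER =
        0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0;

    constructor() {
        DOMAIN_SEPARATOR = keccak256(abi.encode(
            keccak256("EIP712Domain(string name,uint256 chainId,address verifyingContract)"),
            keccak256("PermitExample"),
            block.chainid,
            address(this)
        ));
    }

    // EIP-712 digest; consumes the owner's nonce so a signed message is usable once.
    function _digest(address owner, address spender, uint256 value, uint256 deadline)
        internal returns (bytes32)
    {
        bytes32 structHash = keccak256(
            abi.encode(PERMIT_TYPEHASH, owner, spender, value, nonces[owner]++, deadline)
        );
        return keccak256(abi.encodePacked("\x19\x01", DOMAIN_SEPARATOR, structHash));
    }

    // Vulnerable pattern: the precompile accepts both encodings of one signature,
    // (v, r, s) and (v == 27 ? 28 : 27, r, n - s), so anything keyed on the signature
    // bytes (replay guards, nullifiers, used-signature sets) can be bypassed. It also
    // returns address(0) on malformed input, hence the explicit zero-address check.
    function permitUnsafe(address owner, address spender, uint256 value,
        uint256 deadline, uint8 v, bytes32 r, bytes32 s) external
    {
        require(block.timestamp <= deadline, "permit: expired");
        address recovered = ecrecover(_digest(owner, spender, value, deadline), v, r, s);
        require(recovered != address(0) && recovered == owner, "permit: bad signature");
        allowance[owner][spender] = value;
    }

    // Hardened: ECDSA.recover reverts when s is in the upper half of the order,
    // when v is not 27 or 28, and when the precompile yields address(0).
    function permit(address owner, address spender, uint256 value,
        uint256 deadline, uint8 v, bytes32 r, bytes32 s) external
    {
        require(block.timestamp <= deadline, "permit: expired");
        address recovered = ECDSA.recover(_digest(owner, spender, value, deadline), v, r, s);
        require(recovered == owner, "permit: bad signature");
        allowance[owner][spender] = value;
    }

    // The same three checks written out, for contracts that avoid the dependency.
    function _recoverCanonical(bytes32 digest, uint8 v, bytes32 r, bytes32 s)
        internal pure returns (address)
    {
        require(uint256(s) <= HALF_ORDER, "ECDSA: non-canonical s");
        require(v == 27 || v == 28, "ECDSA: invalid v");
        address recovered = ecrecover(digest, v, r, s);
        require(recovered != address(0), "ECDSA: invalid signature");
        return recovered;
    }
}
```

permit() and _recoverCanonical enforce the same rule: a signature is accepted only in its low-s form, so exactly one byte string authorises a given digest. Deployments that cache or log signatures as unique identifiers should reject the non-canonical form at the boundary rather than normalising it, so that a malleated submission is visible as a failed call.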