Skip to content

Latest commit

 

History

History
47 lines (26 loc) · 1.86 KB

File metadata and controls

47 lines (26 loc) · 1.86 KB

Dizzy Tan Parakeet

Medium

_countValidSignatures Fails if signatureSplit Method is Not Implemented

Summary

The _countValidSignatures method in the HatsSignerGate contract relies on the signatureSplit method to parse signatures. If signatureSplit is not properly implemented or invoked, signature validation will fail, rendering the process incomplete.

Root Cause

https://github.com/sherlock-audit/2024-11-hats-protocol/blob/main/hats-zodiac/src/HatsSignerGate.sol#L657

The signatureSplit method, called within _countValidSignatures, is neither implemented in the contract nor imported from an external library. This omission causes the signature parsing to fail, preventing the _countValidSignatures method from executing successfully.

Internal pre-conditions

The contract calls the _countValidSignatures method. The signatureSplit method is undefined or not imported, causing a failure. The signatures array contains signatures to be parsed.

External pre-conditions

No specific external conditions are required; the failure entirely depends on the contract's implementation.

Attack Path

Call functions like checkTransaction that rely on the _countValidSignatures method. Since signatureSplit is not implemented, _countValidSignatures fails during signature parsing and throws an error. Signature validation cannot proceed, resulting in valid transactions failing to pass verification or other dependent logic breaking.

Impact

Affected Party: Signature validation logic in the HatsSignerGate contract

The failure of signature parsing prevents correct validation of legitimate signatures. Other functionalities relying on this validation logic may also be disrupted, causing transactions to fail.

PoC

No response

Mitigation

Ensure the signatureSplit method is correctly implemented within the contract or imported from a verified external library.