When verify webauth signature. In case S value > _P256_N_DIV_2, library will return false. But we can Canonical S- value to preventing the creation of a second valid signature
if (webAuthnAuth.s > _P256_N_DIV_2) {
// guard against signature malleability
webAuthnAuth.s = FCL_Elliptic_ZZ.n - webAuthnAuth.s;
//return false;
}
https://github.com/base-org/webauthn-sol/blob/619f20ab0f074fef41066ee4ab24849a913263b2/src/WebAuthn.sol#L110
When verify webauth signature. In case
S value > _P256_N_DIV_2
, library will return false. But we can Canonical S- value to preventing the creation of a second valid signature