Closed ross-spencer closed 8 months ago
Hey, thank you for raising the issue! Can confirm it's a bug in the dashboard.
Some more context:
The (v, r, s) triplet is the ECDSA signature. Changing any of these fields should always invalidate the signature, i.e. make the verification fail. Note that r and s are per spec always 32 bytes, which is why the dashboard currently just reads the first 32 bytes and doesn't realize additional data got appended to the string.
Important for other readers: The issue is about a bug in the Chronicle's dashboard and not in the Scribe contract itself!
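The behaviour described in the reply above, shown next to a strict length check, as an added example that is not part of the original thread and not the dashboard's code. The helper names are hypothetical, the signature values are constructed, the fields are assumed to be 0x-prefixed hex strings, and Node's `Buffer` is used for byte handling.

```javascript
// Added example: hypothetical helpers, not the dashboard's code.
const FIELD_BYTES = 32; // r and s are always 32 bytes, per the reply above

// Lenient: mirrors the described behaviour of reading only the first 32 bytes,
// so anything appended after them is silently dropped.
function parseFieldLenient(hex) {
  const body = hex.startsWith("0x") ? hex.slice(2) : hex;
  return Buffer.from(body.slice(0, FIELD_BYTES * 2), "hex");
}

// Strict: the whole string must be exactly "0x" plus 64 hex digits.
function parseFieldStrict(name, hex) {
  if (typeof hex !== "string" || !/^0x[0-9a-fA-F]{64}$/.test(hex)) {
    throw new RangeError(`${name} must be exactly ${FIELD_BYTES} bytes of hex`);
  }
  return Buffer.from(hex.slice(2), "hex");
}

// Returns the names of the fields in {r, s} that the strict parser rejects.
function rejectedFields(sig) {
  return ["r", "s"].filter((name) => {
    try {
      parseFieldStrict(name, sig[name]);
      return false;
    } catch {
      return true;
    }
  });
}

// Constructed sample values (not a real signature).
const r = "0x" + "11".repeat(32);
const s = "0x" + "22".repeat(32);
const tampered = { r, s: s + "MY_SECRET_MESSAGE" };

// True when the lenient parser cannot tell the tampered s from the original.
function lenientSeesSameBytes() {
  return parseFieldLenient(tampered.s).equals(parseFieldLenient(s));
}

console.log("lenient parser sees identical s:", lenientSeesSameBytes());
console.log("strict parser rejects:", rejectedFields(tampered));
```

Rejecting the input before verification means the displayed signature and the verified signature are always the same bytes.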
Bug Report
Current Behavior
Currently, appending the s field in the signature with data doesn't invalidate the signature.
Expected behavior/code
When validating a signature via the dashboard, editing any part of the signature is supposed to invalidate the signature.
Environment
Find the s field, and add data to the end, within the quotation marks.
Additional context
Screenshot of the issue with the fields appending with MY_SECRET_MESSAGE and ANOTHER_MESSAGE:
I am not sure what each of the fields are, so I don't know what impact the s field should have.
NB. apologies if this is the wrong repository to report the issue, I couldn't find a better place.