If verifysig is called with the zero address as the _signer, any signature will be valid.
This is because ecrecover does not revert on wrong signatures but returns the zero address instead.
Proof of Concept
Tools Used
Recommended Mitigation Steps
Revert if the return value of ecrecover is the zero address.
Use OpenZeppelin's ECDSA.sol for further checks on signature verification.
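The pattern described above next to a hardened form, as an added example that is not the audited contract's code. The contract name, function names and parameter layout are assumptions; the upper bound on s is the kind of further check a library such as ECDSA.sol performs.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration: names and signatures here are hypothetical,
// not taken from the audited code base.
contract SigCheckExample {
    // Half of the secp256k1 group order; signatures with s above this
    // value are the malleable twin of a lower-s signature.
    uint256 private constant HALF_ORDER =
        0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0;

    // Pattern from the finding: the recovered address is compared to
    // _signer without rejecting address(0).
    function verifySigUnchecked(
        address _signer,
        bytes32 _hash,
        uint8 _v,
        bytes32 _r,
        bytes32 _s
    ) public pure returns (bool) {
        // ecrecover returns address(0) on failure instead of reverting,
        // so a failed recovery compares equal to _signer == address(0).
        return ecrecover(_hash, _v, _r, _s) == _signer;
    }

    // Hardened form: reject the zero signer, reject high-s values,
    // and revert when recovery fails.
    function verifySigChecked(
        address _signer,
        bytes32 _hash,
        uint8 _v,
        bytes32 _r,
        bytes32 _s
    ) public pure returns (bool) {
        require(_signer != address(0), "signer is zero address");
        require(uint256(_s) <= HALF_ORDER, "invalid signature 's' value");

        address recovered = ecrecover(_hash, _v, _r, _s);
        require(recovered != address(0), "invalid signature");

        return recovered == _signer;
    }
}
```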
Handle
0xito