signatures are malleable

[code423n4]

Handle

0xito

Vulnerability details

Impact

the verifysig function is vulnerable to signature modifications. one can take an existing signature and derive a second signature from it.

The ecrecover EVM opcode allows for malleable (non-unique) signatures: this function rejects them by requiring the s value to be in the lower half order, and the v value to be either 27 or 28. - OpenZeppelin

the impact should be low because replay attacks with a different signature are not useful for this protocol.

[jkilpatr]

duplicate of #61

[albertchon]

Duplicate of https://github.com/code-423n4/2021-08-gravitybridge-findings/issues/61