the verifysig function is vulnerable to signature modifications.
one can take an existing signature and derive a second signature from it.
The ecrecover EVM opcode allows for malleable (non-unique) signatures: this function rejects them by requiring the s value to be in the lower half order, and the v value to be either 27 or 28. - OpenZeppelin
the impact should be low because replay attacks with a different signature are not useful for this protocol.
Handle
0xito
Vulnerability details
Impact
the
verifysig
function is vulnerable to signature modifications. one can take an existing signature and derive a second signature from it.the impact should be low because replay attacks with a different signature are not useful for this protocol.