Handle
pauliax
Vulnerability details
Impact
There is a common issue that ecrecover returns an empty (0x0) address when the signature is invalid. While I didn't find any exact exploit path in your codebase, I still wanted to submit this, as in a previous contest a similar issue was assigned a high severity even though no exact attack path or PoC existed (see https://github.com/code-423n4/2021-04-meebits-findings/issues/4).
Recommended Mitigation Steps
Just wanted you to be aware of this as you may decide to add a check against an empty address or the judge can mark this as invalid otherwise.
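
The zero-address check suggested above, as an added example (not code from the audited codebase or from the reporter). The contract, mapping and function names are hypothetical; it assumes a signer is compared against a stored address that defaults to `address(0)` when unset.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration; all names here are hypothetical.
contract SignerCheckExample {
    // Unset entries of a mapping read as address(0).
    mapping(uint256 => address) public ownerOf;

    constructor(address firstOwner) {
        require(firstOwner != address(0), "zero owner");
        ownerOf[1] = firstOwner;
    }

    // Unchecked form: ecrecover returns address(0) for an invalid
    // signature (for example, v outside {27, 28}). For an id with no
    // owner, ownerOf[id] is also address(0), so the comparison is true
    // even though nobody signed anything.
    function isAuthorizedUnchecked(
        uint256 id,
        bytes32 digest,
        uint8 v,
        bytes32 r,
        bytes32 s
    ) external view returns (bool) {
        return ecrecover(digest, v, r, s) == ownerOf[id];
    }

    // Checked form: treat a zero result as "no valid signer" before
    // comparing it with any stored address.
    function isAuthorizedChecked(
        uint256 id,
        bytes32 digest,
        uint8 v,
        bytes32 r,
        bytes32 s
    ) external view returns (bool) {
        address signer = ecrecover(digest, v, r, s);
        if (signer == address(0)) {
            return false;
        }
        return signer == ownerOf[id];
    }
}
```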