Open code423n4 opened 3 years ago
Handle

cmichel

Vulnerability details

The `TridentNFT.permit`/`permitAll` functions don't perform additional signature validity checks, like checking that `s` is within the valid range and that `v` is a valid number.

Impact

Probably not an issue when using fresh `nonce`s each time.

Recommended Mitigation Steps

Consider using OpenZeppelin's `ECDSA.recover`, which performs additional checks.
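As an added illustration, not TridentNFT's or the contest's code, here is a hypothetical minimal NFT permit showing the bare `ecrecover` path the report describes beside the same function using OpenZeppelin's `ECDSA.recover`; the contract name, type hash and sample state are constructed for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";

// Hypothetical, minimal permit sketch (not TridentNFT's code) contrasting a bare
// ecrecover with the checked recovery the report recommends.
contract PermitExample {
    mapping(address => uint256) public nonces;
    mapping(uint256 => address) public ownerOf;  // constructed sample state
    mapping(uint256 => address) public approved;

    bytes32 public immutable DOMAIN_SEPARATOR;
    bytes32 public constant PERMIT_TYPEHASH =
        keccak256("Permit(address spender,uint256 tokenId,uint256 nonce,uint256 deadline)");

    constructor() {
        DOMAIN_SEPARATOR = keccak256(abi.encode(
            keccak256("EIP712Domain(uint256 chainId,address verifyingContract)"),
            block.chainid, address(this)));
        ownerOf[1] = msg.sender;  // constructed: deployer owns token 1
    }

    // EIP-712 digest; consuming the owner's nonce makes every signature single-use,
    // which is why the report rates the missing checks as low impact.
    function _digest(address spender, uint256 tokenId, uint256 deadline) internal returns (bytes32) {
        address owner = ownerOf[tokenId];
        bytes32 structHash = keccak256(abi.encode(PERMIT_TYPEHASH, spender, tokenId, nonces[owner]++, deadline));
        return keccak256(abi.encodePacked("\x19\x01", DOMAIN_SEPARATOR, structHash));
    }

    // Pattern the report flags: ecrecover is called without any check on s or v.
    // Only the zero-address result is filtered; a malleated (r, n - s, v') encoding of a
    // valid signature recovers the same signer and is accepted as a distinct signature.
    function permitUnchecked(address spender, uint256 tokenId, uint256 deadline,
                             uint8 v, bytes32 r, bytes32 s) external {
        require(block.timestamp <= deadline, "expired");
        address signer = ecrecover(_digest(spender, tokenId, deadline), v, r, s);
        require(signer != address(0) && signer == ownerOf[tokenId], "bad sig");
        approved[tokenId] = spender;
    }

    // Recommended form: ECDSA.recover reverts on an s value above the half curve order
    // and on anything that does not recover to a valid signer, so only the canonical
    // encoding of a signature is ever accepted.
    function permitChecked(address spender, uint256 tokenId, uint256 deadline,
                           uint8 v, bytes32 r, bytes32 s) external {
        require(block.timestamp <= deadline, "expired");
        address signer = ECDSA.recover(_digest(spender, tokenId, deadline), v, r, s);
        require(signer == ownerOf[tokenId], "bad sig");
        approved[tokenId] = spender;
    }
}
```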