Handle
cmichel
Vulnerability details
The SignatureValidator.recoverAddrImpl function does not check for malleable signatures. Without this check, anyone can derive a second, different but valid signature (for the same message).
Impact
As nonces are used and the signature bytes are never used themselves, not checking for malleability does not lead to issues.
Recommended Mitigation Steps
You might or might not want to implement these additional checks, depending on gas costs.