code-423n4 / 2021-10-ambire-findings


ecrecover may return empty address #56

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Handle

pauliax

Vulnerability details

Impact

There is a common issue that ecrecover returns an empty (0x0) address when the signature is invalid. The function recoverAddrImpl should check for that before returning the result of ecrecover.

Recommended Mitigation Steps

See the solution here: https://github.com/OpenZeppelin/openzeppelin-contracts/blob/v3.4.0/contracts/cryptography/ECDSA.sol#L68
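The check described in this report, shown as an added example that is not part of the original finding and is not Ambire's or OpenZeppelin's code. The contract, its function names and the `authorizedSigner` variable are hypothetical; only the `ecrecover` built-in and the zero-address check come from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical contract written for illustration only.
contract RecoverZeroAddressDemo {
    // Never assigned in this demo, so it holds the default value address(0).
    address public authorizedSigner;

    // Before: the result of ecrecover is returned unchecked.
    // When recovery fails, ecrecover does not revert; it returns address(0).
    function recoverUnchecked(bytes32 hash, uint8 v, bytes32 r, bytes32 s)
        public pure returns (address)
    {
        return ecrecover(hash, v, r, s);
    }

    // After: a failed recovery reverts instead of yielding address(0).
    function recoverChecked(bytes32 hash, uint8 v, bytes32 r, bytes32 s)
        public pure returns (address)
    {
        address signer = ecrecover(hash, v, r, s);
        require(signer != address(0), "invalid signature");
        return signer;
    }

    // With the unchecked helper, an invalid signature compares equal to any
    // address that is still at its default value, so this returns true
    // while authorizedSigner is unset.
    function isAuthorizedUnchecked(bytes32 hash, uint8 v, bytes32 r, bytes32 s)
        external view returns (bool)
    {
        return recoverUnchecked(hash, v, r, s) == authorizedSigner;
    }

    // With the checked helper, the same call reverts with "invalid signature",
    // so an unset authorizedSigner can never be matched.
    function isAuthorizedChecked(bytes32 hash, uint8 v, bytes32 r, bytes32 s)
        external view returns (bool)
    {
        return recoverChecked(hash, v, r, s) == authorizedSigner;
    }
}
```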

Ivshti commented 2 years ago

resolved in https://github.com/AmbireTech/adex-protocol-eth/commit/08d050676773fcdf7ec1c4eb53d51820b7e42534

GalloDaSballo commented 2 years ago

This is a very nasty gotcha from ecrecover. The sponsor has mitigated

GalloDaSballo commented 2 years ago

It seems like the finding doesn't have bigger implications so I agree with the low severity