c4-judge
commented
1 year ago gzeon-c4 marked the issue as primary issue
Closed code423n4 closed 1 year ago
c4-judge
commented
1 year ago gzeon-c4 marked the issue as primary issue
gzeoneth
commented
1 year ago c4-judge
commented
1 year ago gzeon-c4 marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2023-01-biconomy/blob/53c8c3823175aeb26dee5529eeefa81240a406ba/scw-contracts/contracts/smart-contract-wallet/paymasters/verifying/singleton/VerifyingSingletonPaymaster.sol#L107 https://github.com/code-423n4/2023-01-biconomy/blob/53c8c3823175aeb26dee5529eeefa81240a406ba/scw-contracts/contracts/smart-contract-wallet/interfaces/IERC1271Wallet.sol#L18 https://github.com/code-423n4/2023-01-biconomy/blob/53c8c3823175aeb26dee5529eeefa81240a406ba/scw-contracts/contracts/smart-contract-wallet/interfaces/IERC1271Wallet.sol#L34 https://github.com/code-423n4/2023-01-biconomy/blob/53c8c3823175aeb26dee5529eeefa81240a406ba/scw-contracts/contracts/smart-contract-wallet/SmartAccount.sol#L347-L350
Vulnerability details
Impact
It is possible to use compact signatures and this allows malleability of the signature.
Description
Here, the
ecrecover()method doesn't check thesrange and also compact signatures must not be allowed in order to prevent signature malleability.Homestead (EIP-2) added this limitation, however the precompile remained unaltered. The majority of libraries, including OpenZeppelin, do this check.
Since an order can only be confirmed once and its hash is saved, there doesn't seem to be a serious danger in existing use cases.
Reference:
Affected source code:
Additionally, the following interfaces are susceptible to being implemented incorrectly:
ecrecover:Recommended Mitigation Steps
As Open Zeppelin did, it's better to remove the compact signatures features.