Closed stevieraykatz closed 3 months ago
Closing out -- SignatureCheckerLib.isValidSignatureNow appropriately returns false for address(0):
    // `returndatasize()` will be `0x20` upon success, and `0x00` otherwise.
    if iszero(or(iszero(returndatasize()), xor(signer, mload(t)))) {
        isValid := 1
        mstore(0x60, 0) // Restore the zero slot.
        mstore(0x40, m) // Restore the free memory pointer.
        break
    }
This Code4rena finding correctly points out that the implementation being owned by address(0) might expose attack surface area. Though we cannot find a way to exploit this currently, it's trivial to change the implementation's owner to address(1) to completely eliminate this vector.
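
An added illustration, not part of the comment above and not the project's or the library's code: why a signer of address(0) needs a guard like the one quoted. It uses high-level Solidity instead of the library's assembly, and the contract name, function names and sample input are hypothetical and constructed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration; all names here are hypothetical.
contract ZeroSignerCheck {
    /// Naive comparison. The built-in ecrecover returns address(0) when no
    /// signer can be recovered, so a malformed signature compares equal to
    /// a signer of address(0).
    function naiveIsValid(address signer, bytes32 hash, uint8 v, bytes32 r, bytes32 s)
        public
        pure
        returns (bool)
    {
        return ecrecover(hash, v, r, s) == signer;
    }

    /// Guarded comparison. A failed recovery never validates, whatever the
    /// signer is. The quoted library code gets the same effect by requiring
    /// a 0x20-byte return from the precompile before comparing.
    function guardedIsValid(address signer, bytes32 hash, uint8 v, bytes32 r, bytes32 s)
        public
        pure
        returns (bool)
    {
        address recovered = ecrecover(hash, v, r, s);
        return recovered != address(0) && recovered == signer;
    }

    /// Constructed input: v = 0 is not a valid recovery id (27 or 28), so
    /// recovery fails. Returns the verdict of each check for address(0).
    function compare() external pure returns (bool naive, bool guarded) {
        bytes32 hash = keccak256("constructed message");
        naive = naiveIsValid(address(0), hash, 0, bytes32(0), bytes32(0));
        guarded = guardedIsValid(address(0), hash, 0, bytes32(0), bytes32(0));
    }
}
```

Calling `compare()` shows the naive check accepting the malformed signature for address(0) while the guarded check rejects it.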