hats-finance / Catalyst-Exchange-0x3026c1ea29bf1280f99b41934b2cb65d053c9db4


Use of `ecrecover` is susceptible to signature malleability #4

Open hats-bug-reporter[bot] opened 8 months ago

hats-bug-reporter[bot] commented 8 months ago

Github username: @erictee2802
Twitter username: 0xEricTee
Submission hash (on-chain): 0x850575d52b2daf230d814372a6c6e803f0d6687670b0592324c3c403151bcef8
Severity: low

Description

The ecrecover function is used to verify signatures. The built-in EVM precompile ecrecover is susceptible to signature malleability (because of non-unique s and v values) which could lead to replay attacks (references: https://swcregistry.io/docs/SWC-117, https://swcregistry.io/docs/SWC-121 and https://medium.com/cryptronics/signature-replay-vulnerabilities-in-smart-contracts-3b6f7596df57).

./apps/mock/IncentivizedMockEscrow.sol:53:        address messageSigner = ecrecover(keccak256(_message), v, r, s); 

./apps/wormhole/external/callworm/WormholeVerifier.sol:102:            address signatory = ecrecover(hash, v, r, s);

Attack Scenario

Use of ecrecover might lead to replay attacks.

Attachments

NA

  1. Proof of Concept (PoC) File

    NA

  2. Revised Code File (Optional)

    Consider using OpenZeppelin’s ECDSA library (which prevents this malleability) instead of the built-in function: https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/cryptography/ECDSA.sol
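Editor's note, added to this thread and not part of the submission or of the Catalyst code base: the report states the malleability but gives no PoC, and the maintainer's question of impact turns on one thing, namely whether a contract uses the signature bytes (rather than the signed message or a nonce) as its uniqueness key. The example below shows a hypothetical `MalleableVerifier` that does exactly that, so the high-s twin of a valid signature passes its replay guard, beside a `StrictVerifier` that applies the same two checks OpenZeppelin's `ECDSA.recover` applies (reject `s > n/2`, reject `v` outside 27/28) and keys replay protection on the message hash. The contract and library names are invented for illustration; `N` and `HALF_N` are the secp256k1 group order and its half, the same constant OpenZeppelin compares against.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Helper (added example, not project code): given one valid (v, s), produce the
/// second (v', s') that ecrecover accepts for the same r and the same message.
/// Flipping v selects the other y-parity of R, and n - s keeps the equation valid.
library Malleate {
    // secp256k1 group order n.
    uint256 internal constant N =
        0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141;

    function twin(uint8 v, bytes32 s) internal pure returns (uint8, bytes32) {
        return (v == 27 ? 28 : 27, bytes32(N - uint256(s)));
    }
}

/// Vulnerable pattern (hypothetical contract): the replay guard is keyed on the
/// signature bytes, so the twin produced by Malleate.twin is a "new" signature
/// that still recovers to the trusted signer and can replay the same message.
contract MalleableVerifier {
    address public immutable signer;
    mapping(bytes32 => bool) public usedSignature;

    constructor(address signer_) {
        signer = signer_;
    }

    function consume(bytes32 messageHash, uint8 v, bytes32 r, bytes32 s) external {
        // Uniqueness keyed on (r, s, v): (r, n - s, v ^ 1) hashes to a different id.
        bytes32 sigId = keccak256(abi.encodePacked(r, s, v));
        require(!usedSignature[sigId], "signature already used");
        usedSignature[sigId] = true;

        // ecrecover returns the same address for both (v, s) and (v ^ 1, n - s).
        address recovered = ecrecover(messageHash, v, r, s);
        require(recovered != address(0) && recovered == signer, "bad signature");
        // ... deliver the message / pay the relayer a second time ...
    }
}

/// Hardened form (hypothetical contract): canonical-s and v range checks, as in
/// OpenZeppelin ECDSA.recover, plus replay protection keyed on what was signed.
contract StrictVerifier {
    // n / 2: the low-s bound. Any s above this has a valid twin below it.
    uint256 private constant HALF_N =
        0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0;

    address public immutable signer;
    mapping(bytes32 => bool) public consumed;

    constructor(address signer_) {
        signer = signer_;
    }

    function consume(bytes32 messageHash, uint8 v, bytes32 r, bytes32 s) external {
        // Reject the non-canonical half of the signature space up front.
        require(uint256(s) <= HALF_N, "high s");
        require(v == 27 || v == 28, "bad v");

        address recovered = ecrecover(messageHash, v, r, s);
        require(recovered != address(0) && recovered == signer, "bad signature");

        // Replay guard keyed on the message, not on the signature encoding,
        // so no re-encoding of the same signature can pass twice.
        require(!consumed[messageHash], "message already consumed");
        consumed[messageHash] = true;
    }
}
```

To exercise it in a test: sign any message hash with the configured signer, call `consume` once, then call it again with `Malleate.twin(v, s)`. On `MalleableVerifier` both calls succeed; on `StrictVerifier` the twin reverts with `high s` (wallets that follow EIP-2 already emit low-s signatures, so the twin of a wallet signature is always the high-s one), and even a byte-identical resubmission reverts with `message already consumed`. If the contracts in question never use the signature bytes as an identifier, the malleability is real but has no replay consequence, which is the impact question the maintainer raises below.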

reednaa commented 8 months ago

Duplicate.

Comment: src/apps/mock/IncentivizedMockEscrow.sol What is the impact?

src/apps/wormhole/external/callworm/WormholeVerifier.sol Based on Wormhole. What is the impact?

src/apps/wormhole/external/wormhole/Messages.sol Not in scope.