hats-finance / Fenix-Finance-0x83dbe5aa378f3ce160ed084daf85f621289fb92f


delegateBySig can use malleable signatures #35

Open hats-bug-reporter[bot] opened 7 months ago

hats-bug-reporter[bot] commented 7 months ago

Github username: --
Twitter username: --
Submission hash (on-chain): 0xb4f750054a2214eafb205ca158257937702f0e619fdb0ab929abf775d8d475e2
Severity: low

Context: VotingEscrowUpgradeable.sol#L1332

Description: Because the function delegateBySig uses ecrecover and doesn't check the value of the signature, other signatures that have higher numerical values, which map to the same signature, could be used. Because the code uses nonces, only one signature could be used per nonce.

Recommendation: Consider using ECDSA by OpenZeppelin, or adding the check they use here.
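An added example, not code from the report, from Fenix, or from Thena: it reproduces the malleability the report describes against an ecrecover-style recovery, and the canonical-s check it recommends (the one OpenZeppelin's ECDSA library applies). The secp256k1 arithmetic is written from scratch so it runs offline; the test private key, the nonce derivation (a sha256 of key and digest, not RFC 6979), and the use of sha256 in place of keccak256 for the message digest are assumptions made for the demo only.

```python
"""ECDSA malleability vs. ecrecover, and the canonical-s check.
Pure-Python secp256k1 for illustration only: not constant time, not RFC 6979,
and sha256 stands in for keccak256 (stdlib has no keccak256) - assumption."""
import hashlib

# secp256k1 domain parameters: y^2 = x^3 + 7 over F_P, generator G of order N
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
HALF_N = N // 2  # OpenZeppelin rejects any s above this bound


def point_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def point_mul(k, point):
    """Double-and-add scalar multiplication (not constant time)."""
    acc = None
    while k:
        if k & 1:
            acc = point_add(acc, point)
        point = point_add(point, point)
        k >>= 1
    return acc


def pubkey(priv):
    return point_mul(priv, G)


def message_hash(msg):
    # Ethereum would use keccak256 here; sha256 is a stand-in (assumption).
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")


def sign(priv, z):
    """Return (r, s, v) with v in {27, 28}, as handed to ecrecover.
    Deliberately no low-s normalisation: this is the raw signature."""
    seed = priv.to_bytes(32, "big") + z.to_bytes(32, "big")
    k = int.from_bytes(hashlib.sha256(seed).digest(), "big") % N  # demo nonce, not RFC 6979
    if k == 0:
        raise ValueError("degenerate nonce")
    rx, ry = point_mul(k, G)
    r = rx % N  # the rx >= N case (r + N) is ignored here; it is astronomically rare
    s = pow(k, -1, N) * (z + r * priv) % N
    if r == 0 or s == 0:
        raise ValueError("degenerate signature")
    return r, s, 27 + (ry & 1)


def recover(z, r, s, v):
    """ecrecover semantics: rebuild R from (r, v) and return Q = r^-1 (sR - zG).
    Returns the public key point instead of the keccak-derived address."""
    if v not in (27, 28) or not (0 < r < N and 0 < s < N):
        raise ValueError("malformed signature")
    y_sq = (pow(r, 3, P) + 7) % P
    y = pow(y_sq, (P + 1) // 4, P)  # P = 3 mod 4, so this is a root when one exists
    if y * y % P != y_sq:
        raise ValueError("r is not a valid x-coordinate")
    if (y & 1) != (v - 27):
        y = P - y
    s_r = point_mul(s, (r, y))
    neg_z_g = point_mul((N - z % N) % N, G)
    return point_mul(pow(r, -1, N), point_add(s_r, neg_z_g))


def malleate(r, s, v):
    """The 'other' signature the report describes: (r, N - s) with v flipped
    recovers to the same key, because it corresponds to nonce -k and point -R."""
    return r, N - s, 55 - v  # 55 - v swaps 27 <-> 28


def is_canonical(r, s, v):
    """The check the report recommends (as in OpenZeppelin ECDSA): reject high s
    and any v outside {27, 28}, so exactly one of the two forms is accepted."""
    return v in (27, 28) and 0 < r < N and 0 < s <= HALF_N


if __name__ == "__main__":
    priv = 0x4C0883A69102937D6231471B5DBB6204FE5129617082792AE468D01A3F362318  # constructed key
    z = message_hash(b"delegateBySig(delegatee,nonce,expiry)")  # constructed digest input
    sig = sign(priv, z)
    alt = malleate(*sig)
    print("both recover to signer:", recover(z, *sig) == recover(z, *alt) == pubkey(priv))
    print("canonical? original:", is_canonical(*sig), "malleated:", is_canonical(*alt))
```

Run as a script it prints that both forms recover to the same key and that exactly one passes the canonical-s check. That check is what reduces two valid encodings of one signature to one; it matters wherever the signature bytes themselves, rather than a consumed nonce, are what a contract uses to decide whether an action has already happened.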

BohdanHrytsak commented 7 months ago

Thank you for the submission.

The use of an inverted signature in our case does not pose any threat; it will still be the same valid signature for the user and contract. OZ restricts this to prevent any use cases where users could use it.

This is also functionality that is inherited from Thena; OOS.