Open hats-bug-reporter[bot] opened 1 week ago
Note that isValidSignatureForSigner
is a bespoke function for validating signatures given signer parameters is not an EIP-1271 or legacy EIP-1271 method. As such, it does not need to adhere to any particular standard.
In fact, the function is documented to return the same value as createSigner().isValidSignature()
which implies that it should return the EIP-1271 magic value.
As such, I believe this submission is invalid.
Github username: -- Twitter username: -- Submission hash (on-chain): 0x1019c255aab9a19a1e670c220c98061a64a5c573ca47d330c4a14197c58c2fd6 Severity: low
Description: Description\
SignatureValidator
has two functions to validate the signatures. One with actual EIP-2171MAGIC_VALUE
and another with EIP-2171LEGACY_MAGIC_VALUE
.It can be seen in
isValidSignatureForSigner()
function ofSafeWebAuthnSignerFactory.sol
:There is only functionality for EIP-2171 signature verification with MAGIC_VALUE, However, the legacy version
LEGACY_MAGIC_VALUE
implemented inSignatureValidator
contract is not used anywhere.I believe, since there is inclusion of
LEGACY_MAGIC_VALUE
in Safe contracts then for sure there would be its use to validate the signature which is in formbytes4(keccak256("isValidSignature(bytes,bytes)")
.Recommendation\ Check and review the use of
LEGACY_MAGIC_VALUE
across inscope safe contracts. As only the EIP-2171 is being used to validate the signature and this legacy version is used un-left.