Open hats-bug-reporter[bot] opened 1 week ago
I am marking this as invalid as the signature bytes are checked in WebAuthn.sol
(which is ultimately called by all paths of isValidSignature
and includes checks on upper bounds of signature length encoding:
Note that this is an upper bound check by design:
The proposed solution is not valid for this project - WebAuthn signatures are not 65 bytes, they include two 32 byte values for the ECDSA signature R and S components, as well as bytes for authenticator and client data that is required for computing the signing message.
Github username: @0xRizwan Twitter username: 0xRizwann Submission hash (on-chain): 0xe458bcaaf6e4d0173186894301d6a2213144dc069174e3805c03629524149211 Severity: low
Description: Description\
SignatureValidator.sol
is base contract supporting ERC1271 differentisValidSignature
versions._verifySignature()
is overridden and has been used inSafeWebAuthnSharedSigner.sol
andSafeWebAuthnSignerSingleton.sol
.Then, this
_verifySignature()
is being called inisValidSignature()
The issue is that,
_verifySignature()
as internal function does not validate the signature length passed with it. To protetct from malicious signatures, the signature length should be checked.If we see, EIP-1271 the reference implementation has checked the signature length thereby validating the signature input explicitely.
Reference- Reference Implementation
The means the signature.length == 65 considers, signature inputs,
v
asbytes1
,r
ands
isbytes32
of signature.Recommendations\
For signature inputs in functions, Check the signature length.
For example: