kayabaNerve
commented
7 months ago No. This is a critical in not only monero-serai yet in the multisig functionality specifically. This would cause invalid participants in the FROST process to not be flagged as it'd think the signature is still (wrongly) valid.
On the one hand, monero-serai wasn't audited (queued), I haven't done my final pass, and it's not a 1.0. On the other, I'm fucking pissed this made it through and horrified. At best, I can be proud monero-serai did enough right it caught enough other people this was itself caught.
Matrix is acting up and I don't have any messages from you. Please reach out on Discord (Serai Discord to find me) or Telegram (kayabaNerve), or let me know if I need to make a new Matrix account on monero.social so we can sync on this.
Boog900
We were not setting c1 to the last calculated c during verification, instead keeping it set to the one provided in the signature, allowing forgeries.
@kayabaNerve I did message you on matrix but it seems there are still issues so I decided just to open this PR, although this is bad AFAIK no one relies on this ATM.