Careful Wooden Caribou
Low/Info
ecrecover is vulnerable to signature malleability
Summary
The `ecrecover` function is vulnerable to signature malleability, wherein an attacker can observe the v, r, s values and generate another set of values which could result in the same signer address. `ecrecover` should be avoided, and the library function from OpenZeppelin is recommended instead.
Vulnerability Detail
There is no impact or vulnerability to the current implementation or functionality, but it is recommended to avoid the `ecrecover` function, as it is vulnerable to attack. It is recommended to use the library function from OpenZeppelin.
Impact
No Impact
Code Snippet
https://github.com/sherlock-audit/2024-06-velocimeter/blob/main/v4-contracts/contracts/Pair.sol#L434-L457
Tool used
Manual Review
Recommendation
Use the ECDSA library from OpenZeppelin, as it addresses the malleability concern by restricting the acceptable values to one side of the ECDSA curve.
https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/utils/cryptography/ECDSA.sol