Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix ECDSA signature malleability #3610

Merged
merged 4 commits into from Aug 10, 2022
Merged

Fix ECDSA signature malleability #3610

merged 4 commits into from Aug 10, 2022

Conversation

frangio
Copy link
Contributor

@frangio frangio commented Aug 10, 2022

Fixes a kind of signature malleability that is present in the ECDSA.recover and tryRecover variants that take a bytes signature argument, which can be both 65 bytes long and the compact 64 bytes encoded version.

@frangio frangio requested a review from Amxx August 10, 2022 18:21
Amxx
Amxx approved these changes Aug 10, 2022
View reviewed changes
Copy link
Collaborator

@Amxx Amxx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All good !

@frangio frangio merged commit d693d89 into OpenZeppelin:master Aug 10, 2022
@frangio frangio deleted the fix-malleability branch August 10, 2022 18:40
frangio added a commit that referenced this pull request Aug 10, 2022
@frangio
Fix ECDSA signature malleability (#3610)
e1878ac 
(cherry picked from commit d693d89)
@y0wl
Copy link

y0wl commented Aug 11, 2022

For reference, this pull request is motivated by this security advisory - GHSA-4h98-2769-gh6h

ronhuafeng added a commit to ronhuafeng/openzeppelin-contracts that referenced this pull request Sep 9, 2022
@ronhuafeng
Fix ECDSA signature malleability (OpenZeppelin#3610)
a208236
@hujw77 hujw77 mentioned this pull request Sep 26, 2022
Merged
This was referenced Jan 9, 2023
Closed
Closed
@code423n4 code423n4 mentioned this pull request Apr 28, 2023
Closed
@code423n4 code423n4 mentioned this pull request Jul 13, 2023
Open
davidbrai added a commit to nounsDAO/nouns-monorepo that referenced this pull request Jul 18, 2023
@davidbrai
update ECDSA version to fix a sig malleability issue
fc33b6f 
see also: OpenZeppelin/openzeppelin-contracts#3610
and: code-423n4/2023-07-nounsdao-findings#198
@davidbrai davidbrai mentioned this pull request Jul 18, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Amxx Amxx Amxx approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@frangio @y0wl @Amxx