validatePaymasterUserOp allows for signature malleability
#408
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
duplicate-453
edited-by-warden
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
unsatisfactory
does not satisfy C4 submission criteria; not eligible for awards
Comments
code423n4
added
2 (Med Risk)
|
gzeon-c4 marked the issue as duplicate of #453 |
|
livingrockrises marked the issue as sponsor confirmed |
c4-sponsor
added
the
sponsor confirmed
c4-judge
added
the
unsatisfactory
|
gzeon-c4 marked the issue as unsatisfactory: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Lines of code
https://github.com/code-423n4/2023-01-biconomy/blob/main/scw-contracts/contracts/smart-contract-wallet/paymasters/verifying/singleton/VerifyingSingletonPaymaster.sol#L107
Vulnerability details
Impact
The
validatePaymasterUserOpallows for both 64 and 65 sig lengths:require(sigLength == 64 || sigLength == 65, "VerifyingPaymaster: invalid signature length in paymasterAndData");This might result in signature malleability depending on which ECDSA version is used.
Proof of Concept
As already above described, the
validatePaymasterUserOpfunction lays the first step for potential signature malleability due to it accepting a length of 64 as well. Depending on the used version ofECDSA.solthis will result in a potential vulnerability. We are aware that the deployment will most probably automatically use the fixedECDSA.solcontract, however, if this codebase is ever forked with an olderECDSA.solversion, the vulnerability will occur, while this could be easily fixed. Hence the medium risk rating.Tools Used
VSCode
Recommended Mitigation Steps
Consider limiting the
sigLengthacceptance to 65 in order to prevent potential signature malleabilities.The text was updated successfully, but these errors were encountered: