validatePaymasterUserOp
allows for signature malleability
#408
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
duplicate-453
edited-by-warden
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
unsatisfactory
does not satisfy C4 submission criteria; not eligible for awards
Lines of code
https://github.com/code-423n4/2023-01-biconomy/blob/main/scw-contracts/contracts/smart-contract-wallet/paymasters/verifying/singleton/VerifyingSingletonPaymaster.sol#L107
Vulnerability details
Impact
The
validatePaymasterUserOp
allows for both 64 and 65 sig lengths:require(sigLength == 64 || sigLength == 65, "VerifyingPaymaster: invalid signature length in paymasterAndData");
This might result in signature malleability depending on which ECDSA version is used.
Proof of Concept
As already above described, the
validatePaymasterUserOp
function lays the first step for potential signature malleability due to it accepting a length of 64 as well. Depending on the used version ofECDSA.sol
this will result in a potential vulnerability. We are aware that the deployment will most probably automatically use the fixedECDSA.sol
contract, however, if this codebase is ever forked with an olderECDSA.sol
version, the vulnerability will occur, while this could be easily fixed. Hence the medium risk rating.Tools Used
VSCode
Recommended Mitigation Steps
Consider limiting the
sigLength
acceptance to 65 in order to prevent potential signature malleabilities.The text was updated successfully, but these errors were encountered: