0x52
medium
resolveQueuedTrades is intended to be non atomic but invalid signature can still cause entire transaction to revert
BufferRouter#resolveQueuedTrades and unlockOptions attempt to be non atomic (i.e. doesn't revert the transaction if one fails) but an invalid signature can still cause the entire transaction to revert, because the ECDSA.recover sub call in _validateSigner can still revert.
function _validateSigner(
uint256 timestamp,
address asset,
uint256 price,
bytes memory signature
) internal view returns (bool) {
bytes32 digest = ECDSA.toEthSignedMessageHash(
keccak256(abi.encodePacked(timestamp, asset, price))
);
address recoveredSigner = ECDSA.recover(digest, signature);
return recoveredSigner == publisher;
}
_validateSigner can revert at the ECDSA.recover sub call breaking the intended non atomic nature of BufferRouter#resolveQueuedTrades and unlockOptions.
BufferRouter#resolveQueuedTrades and unlockOptions don't function as intended if signature is malformed
Manual Review
Use a try statement inside _validateSigner to avoid any reverts:
function _validateSigner(
uint256 timestamp,
address asset,
uint256 price,
bytes memory signature
) internal view returns (bool) {
bytes32 digest = ECDSA.toEthSignedMessageHash(
keccak256(abi.encodePacked(timestamp, asset, price))
);
- address recoveredSigner = ECDSA.recover(digest, signature);
+ try ECDSA.recover(digest, signature) returns (address recoveredSigner) {
+ return recoveredSigner == publisher;
+ } else {
+ return false;
+ }
}