Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ensure correctness of signatures in vote extenstions #2432

Closed
ttarsi opened this issue Nov 8, 2024 · 0 comments
Closed

ensure correctness of signatures in vote extenstions #2432

ttarsi opened this issue Nov 8, 2024 · 0 comments
Assignees
Labels
cantina sprint: ad hoc PRs or issues included mid-sprint

Comments

@ttarsi
Copy link
Contributor

ttarsi commented Nov 8, 2024

Problem to Solve

k1util.Verify used in Vote.Verify and AggVote.Verify doesn't not check that the s component of the signature is in the lower half order. The openzeppelin ECDSA contract does this, but our k1util currently does not. So validators could submit invalid signatures, which would result in xsubmissions reverting.

Proposed Solution

add a check in k1util.Verify to ensure s is in the lower range, and check all vote extension are valid.

if (s > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) {
   // error 
}
@ttarsi ttarsi added this to the 1.1 - Mainnet Beta [Nov 20] milestone Nov 8, 2024
@fabtreb fabtreb added the sprint: ad hoc PRs or issues included mid-sprint label Nov 11, 2024
corverroos added a commit that referenced this issue Nov 11, 2024
Align consensus chain vote verification with portal OpenZepellin
verification that does additional ECDSA malleability checks. This
mitigates an attack where consensus chain signatures pass but fail in
portal.

issue: #2432
@fabtreb fabtreb closed this as completed Nov 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
cantina sprint: ad hoc PRs or issues included mid-sprint
Projects
None yet
Development

No branches or pull requests

3 participants