This repository implements a simplified PoC that demonstrates how signature malleability attacks using compact signatures can be executed. The PoC showcases two interconnected issues:
-
A vulnerability with the OpenZeppelin
4.6
ECDSA library which is vulnerable to the signature malleability exploit. The vulnerability was patched in version4.7.3
. Also, see here for the published security advisory. -
Signatures MUST NOT be used as unique identifiers, since the
ecrecover
precompile generally allows for malleable (non-unique) signatures (see EIP-2) or signatures can be malleablised using EIP-2098. The underlying issue in theecrecover
precompile stems from the fact that there are twoy
-coordinates for everyx
-coordinate on the elliptic curve. The OpenZeppelin ECDSA library prevents this particular malleability attack vector by reverting if the secp256k1 32-byte signature parameters
is too high.