Last updated
Was this helpful?
Submitted on Nov 30th 2023 at 09:33:15 UTC by @EricTee for
Report ID: #26286
Report type: Smart Contract
Report severity: Insight
Target: https://github.com/degatedev/protocols/blob/degate_mainnet/packages/loopring_v3/contracts/lib/SignatureUtil.sol#L32-L51
Impacts:
Signature Validation Bypass
In https://github.com/degatedev/protocols/blob/degate_mainnet/packages/loopring_v3/contracts/lib/SignatureUtil.sol#L32-L51:
There is a potential signature validation bypass scenario happens in the above code, since there is no check that require(signers.length != 0), if an attacker passes in empty array of signers and signatures values, he can bypass the for loop. As a result, the function will directly return true. Though this function is not used anyway in the protocol yet, but I think the awareness should be raised to the protocol team in case this function is implemented in the future.
Potential Signature Validation Bypass
Difficulty to Exploit: Easy Weakness: Signature Validation Bypass CVSS2 Score: NA
Consider adding the check require(signers.length != 0, "BAD_SIGNATURE_DATA");:
NA
NA
