verifySignature with invalid message #2578

nurs-jubatyrov · 2023-07-20T09:42:22Z

When calling verifySignature you can append any character to the message payload and it would verify the signature correctly.

Steps To Reproduce
Steps to reproduce the behavior:

Call verifySignature with argument and append any character to the message payload.
The function should return false instead of true.

Additional context
The issue is in hex2buf function in https://github.com/ecadlabs/taquito/blob/27f57de79ab464b7c4d9255275c2f48216214fad/packages/taquito-utils/src/taquito-utils.ts#L199C3-L199C3 which would truncate if the length of the message is odd.

The text was updated successfully, but these errors were encountered:

jevonearth · 2023-07-25T13:36:33Z

Acking this issue, thank you for reporting. A fix is in the works.

jevonearth · 2023-07-25T16:28:06Z

Addressed in PR #2580

dsawali · 2023-07-26T20:55:42Z

issue #2580 has been completed and the patch release Taquito v17.1.1 has been released here:
https://www.npmjs.com/package/@taquito/taquito/v/17.1.1

nurs-jubatyrov added the bug Something isn't working label Jul 20, 2023

Innkst added this to the v17.1.1 milestone Jul 26, 2023

dsawali closed this as completed Jul 26, 2023

ac10n added this to Taquito Dev Jun 21, 2024

ac10n moved this to Done in Taquito Dev Jun 21, 2024

Provide feedback