0x4non - Outdate OpenZeppelin lib contain some issues on `ECDSA` lib #60

sherlock-admin · 2022-11-22T20:07:44Z

0x4non

medium

Outdate OpenZeppelin lib contain some issues on `ECDSA` lib

You are using openzeppelin lib 4.3.2:
brownie-config.yaml#L17

This version contain some issues in the ECDSA lib.

Consider update to latest OZ version, 4.8.0

Since version 4.3.2 this has been updated;

4.4.0 (2021-11-25) ECDSA: add a variant of toEthSignedMessageHash for arbitrary length message hashing. (#890: Add ECDSA.toEthSignedMessageHash(bytes) for abritrary length message hashing OpenZeppelin/openzeppelin-contracts#2865)
4.8.0 ECDSA: Remove redundant check on the v value. (Remove redundant ECDSA constraint OpenZeppelin/openzeppelin-contracts#3591)
4.7.3 ECDSA: recover(bytes32,bytes) and tryRecover(bytes32,bytes) no longer accept compact signatures to prevent malleability. Compact signature support remains available using recover(bytes32,bytes32,bytes32) and tryRecover(bytes32,bytes32,bytes32).

Current ECDSA version outdated

Manual Review

Update to latest OZ version 4.8.0 with not only this issues fixed but with more gas optimizations.

Duplicate of #23

The text was updated successfully, but these errors were encountered:

sherlock-admin added Duplicate Medium labels Nov 22, 2022

sherlock-admin closed this as completed Nov 22, 2022