Oblong Cherry Halibut
Medium
The system currently uses the direct ecrecover() function to determine the signer of signatureData:
https://github.com/sherlock-audit/2024-10-gamma-rewarder/blob/main/GammaRewarder/contracts/brevis/lib/Lib.sol#L133 function recover(bytes32 message, bytes32 r, bytes32 s, uint8 v) internal pure returns (address) { if (v < 27) { v += 27; } return ecrecover(message, v, r, s); }
This approach has the following issues:
- Error Handling: A failed signature verification returns
0rather than reverting with an error, potentially leading to incorrect error handling downstream. - Signature Manipulation: Direct use of
ecrecover()is vulnerable to manipulation. For example, adjusting thesignatureData.rparameter can yield a random address, allowing for incorrect or malicious signatures to be processed as valid.
Using a function from a well-established library, such as OpenZeppelin’s, can address these concerns.
No response
No response
No response
No response
No response
To improve security and error handling, use the OpenZeppelin [ECDSA](https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/utils/cryptography/ECDSA.sol) library for signature verification. This library provides a secure and reliable implementation of ecrecover() that includes robust error handling and mitigates the risk of signature manipulation. Incorporating this library will ensure more accurate and secure signature verification in the contract.