You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I believe that as Edge is currently written, it allows for signature malleability in its verification logic, in the sense that both versions of the proposer and sealer signatures will be valid. It might not cause bugs, if there is no consequence to having a signature be verified twice, but it might not be intended.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
I believe that as Edge is currently written, it allows for signature malleability in its verification logic, in the sense that both versions of the proposer and sealer signatures will be valid. It might not cause bugs, if there is no consequence to having a signature be verified twice, but it might not be intended.
go-ethereumrejects s values in the upper rangehttps://github.com/ethereum/go-ethereum/blob/56dec25ae26bf749b93c3ea69538fabea60c5768/crypto/crypto.go#L263
Discussion in tendermint:
tendermint/tendermint#1958
Open-zeppelin rejects one of the transformations
https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/utils/cryptography/ECDSA.sol#L132. Related issue that spurred this: OpenZeppelin/openzeppelin-contracts#1622
We should consider adding this functionality in a breaking change (it would have to be a fork I believe) for completeness
Beta Was this translation helpful? Give feedback.
All reactions