CryptoAudit on Nostr
An important point about the ecrecover function is that in some cases when the signature is not valid, this function returns a random address instead of returning address 0.
Both cases can be seen in the code below and you can easily write a rule for it with the @semgrep tool.
```solidity
address signer = ecrecover(hash, v, r, s);
// Case 1: only compares the recovered address with the expected signer.
require(signer == owner, "MyFunction: invalid signature");
// Case 2: explicitly rejects the zero address that ecrecover returns for an
// invalid signature.
require(signer != address(0), "ECDSA: invalid signature");
```
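A Semgrep rule for the pattern above, added here as an example and not part of the original note: it flags every assignment of an ecrecover result whose variable is not afterwards checked against address(0). The rule id, message and the assumption that Semgrep's Solidity support matches these statement patterns are mine.

```yaml
rules:
  - id: ecrecover-result-not-checked-against-zero   # hypothetical rule id
    languages: [solidity]
    severity: WARNING
    message: >-
      $SIGNER holds the result of ecrecover() but is never compared with
      address(0). ecrecover returns address(0) for an invalid signature, so
      add require($SIGNER != address(0), "...") before trusting $SIGNER.
    metadata:
      category: security
      cwe: "CWE-347: Improper Verification of Cryptographic Signature"
    patterns:
      # Match the ecrecover result whether it is declared or assigned.
      - pattern-either:
          - pattern: address $SIGNER = ecrecover($HASH, $V, $R, $S);
          - pattern: $SIGNER = ecrecover($HASH, $V, $R, $S);
      # Do not report when the same variable is later checked against
      # address(0) in one of the usual forms ("..." = any statements between).
      - pattern-not-inside: |
          address $SIGNER = ecrecover($HASH, $V, $R, $S);
          ...
          require($SIGNER != address(0), ...);
      - pattern-not-inside: |
          $SIGNER = ecrecover($HASH, $V, $R, $S);
          ...
          require($SIGNER != address(0), ...);
      - pattern-not-inside: |
          address $SIGNER = ecrecover($HASH, $V, $R, $S);
          ...
          if ($SIGNER == address(0)) { ... }
      - pattern-not-inside: |
          $SIGNER = ecrecover($HASH, $V, $R, $S);
          ...
          if ($SIGNER == address(0)) { ... }
```

Run it with `semgrep --config ecrecover.yml contracts/`; a contract that only has `require(signer == owner, ...)` is reported, one that also has `require(signer != address(0), ...)` is not.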
If you have worked with Solidity, you are familiar with the ecrecover function. If the signature is not valid, this function returns the signing address or 0. Therefore, the output of this function should always be checked.
You can easily write a rule for this pattern with the @semgrep tool and find all the cases that are not like this.
Published at 2024-09-14 18:52:34