2024-09-12 21:34:31

CryptoAudit on Nostr: If you have worked with Solidity, you are familiar with the ecrecover function. If ...

If you have worked with Solidity, you are familiar with the ecrecover function. If the signature is not valid, this function returns a signing address or 0. Therefore, the output of this function should always be checked.

You can easily write a rule for this pattern with the @semgrep tool and find all the cases that are not like this.
Author Public Key
npub1mtmlfn9c7sff6zfutdedj3prmrlhdwy5mne83xf34f3v7s57jknqs6mdys
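
The check the post calls for, shown as an added Solidity example that is not part of the original post: an unchecked `ecrecover` wrapper beside a checked one. The contract name, function names and revert strings are hypothetical; the only built-in behaviour relied on is that `ecrecover` returns the zero address on error.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; contract and function names are hypothetical.
contract EcrecoverCheck {
    // Unchecked form: the caller receives whatever ecrecover yields,
    // including address(0) when recovery fails.
    function recoverUnchecked(bytes32 digest, uint8 v, bytes32 r, bytes32 s)
        public pure returns (address)
    {
        return ecrecover(digest, v, r, s);
    }

    // Checked form: a failed recovery reverts instead of propagating zero.
    function recoverChecked(bytes32 digest, uint8 v, bytes32 r, bytes32 s)
        public pure returns (address signer)
    {
        signer = ecrecover(digest, v, r, s);
        require(signer != address(0), "invalid signature");
    }

    // Authorization built on the checked form. `expected` must itself be
    // non-zero: an unset address variable or mapping entry also reads as
    // address(0), so comparing it with an unchecked result proves nothing.
    function isSignedBy(
        address expected,
        bytes32 digest,
        uint8 v,
        bytes32 r,
        bytes32 s
    ) external pure returns (bool) {
        require(expected != address(0), "expected signer unset");
        return recoverChecked(digest, v, r, s) == expected;
    }
}
```

A static rule for this pattern would flag call sites shaped like `recoverUnchecked`, where the result of `ecrecover` is used without a comparison against `address(0)`.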