Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

⚠️ BN.toString(16) can result in wrong output ([email protected]) #299

Open
matthiasgeihs opened this issue Jan 3, 2023 · 1 comment
Open

⚠️ BN.toString(16) can result in wrong output ([email protected]) #299

matthiasgeihs opened this issue Jan 3, 2023 · 1 comment

Comments

@matthiasgeihs
Copy link

Citing indutny/bn.js#295:

In some circumstances the hex encoding of big numbers is wrong. In addition to a display issue, given that the the hex string if often used as an intermediate representation in transport/conversion scenarios, the re-constructed big number can actually change its value, creating serious issues.

The issue has been fixed in [email protected]@v5.2.1. elliptic should update to this version.
@agalatan agalatan mentioned this issue Mar 15, 2023
Closed
@nkavian
Copy link

nkavian commented Jun 13, 2023
edited

I'm almost certain this is the bug I ran into. Using elliptic through TronWeb, the signature has a correct "r" value, but the "s" and "v" value are wrong.

When performing the same exact signature using secp256k1 and server side Java bouncycastle; it works as expected.

I verified the "message" in all 3 cases is converted into the same exact Big Int so the "message" is not the source of any issues.

Also, it happened for a specific key we have. When trying a different private key, all 3 signatures matched.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@nkavian @matthiasgeihs