You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When calling recoverPubKey with an invalid s (i.e. 0), it returns a public key. The same signature fails with verify, as 1 >= s >= n-1. This doesn't immediately sound like a vulnerability, except there exist libraries depending on elliptic which assume signature validity provided the output of recoverPubKey.
The text was updated successfully, but these errors were encountered:
When calling
recoverPubKeywith an invalids(i.e.0), it returns a public key. The same signature fails withverify, as1 >= s >= n-1. This doesn't immediately sound like a vulnerability, except there exist libraries depending on elliptic which assume signature validity provided the output ofrecoverPubKey.The text was updated successfully, but these errors were encountered: