zeroknots.eth

Security Issues: Signature Malleability

Timestamps are hard. They are often used in smart contracts but carry inherent risks that must be considered.

Intro

In the world of blockchain, security is of utmost importance. It’s essential to protect against any vulnerabilities or weaknesses that could lead to attacks, lost funds, or other negative consequences. One such vulnerability that often goes overlooked is signature malleability. It’s generally assumed that a valid signature cannot be modified without the private key and remain valid. However, in some cases, it is possible to modify the signature and maintain validity, leading to transaction replays and other security issues.

To understand how signature malleability works, we need to understand a bit about elliptic curve cryptography. An elliptic curve is the set of points that satisfy a specific equation, and such curves are used in many cryptographic algorithms. The curve used by Ethereum is called secp256k1, and it is symmetrical about the x-axis: for every point (x, y) on the curve, (x, -y) is also on the curve.

Ethereum uses ECDSA (Elliptic Curve Digital Signature Algorithm) as its signature scheme. ECDSA signatures consist of a pair of integers, (r, s), taken modulo n, the order of the curve's generator point. As a result of the x-axis symmetry, if (r, s) is a valid signature, then so is (r, -s mod n), i.e. (r, n - s). This means that an attacker can produce a second valid signature that results in a different transaction identifier (txid) without knowing the private key used to produce the first signature. In Ethereum's (r, s, v) encoding the recovery byte v flips between 27 and 28 along with s, and while the protocol itself has rejected high-s transaction signatures since EIP-2 (Homestead), the ecrecover precompile used by smart contracts still accepts both halves of the pair, so the check has to be made at the contract level.

One example of a system that can allow a signature to be modified and remain valid is one in which the signature itself is included in a signed message hash that is used to prevent replays. Because the malleated signature hashes to a different value, the replay check does not recognise it as already used. If the resulting txid can be modified while maintaining valid inputs and a valid signature, the transaction can be repeated by an attacker, leading to potential loss of funds or other negative consequences.

To avoid this issue, it is imperative that signatures are not included in a signed message hash used to enforce that the signature is not replayed. Instead, the hash should only include the relevant transaction data. A second line of defence is to reject the high-s half of every pair outright by requiring s <= n/2, which is what OpenZeppelin's ECDSA library does in its recover function. By doing so, we can mitigate the risk of signature malleability and ensure the security of our blockchain transactions.
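The following is an added example (not code from the original post or from zeroknots.eth) that demonstrates both points above: the (r, s) / (r, n - s) pair described under ECDSA, and the replay-guard design flaw described in the last two paragraphs. It is a minimal pure-Python secp256k1 implementation; the private key, nonce and message are constructed demo values, the `ReplayGuard` class and its two keying modes are a hypothetical model of the vulnerable and fixed contract patterns, and `sha256` stands in for keccak256 as the message digest. The arithmetic is textbook and not constant time, so it is for illustration only.

```python
import hashlib

# secp256k1 domain parameters
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
HALF_N = N // 2  # upper bound on s enforced by EIP-2 and OpenZeppelin's ECDSA library


def _add(A, B):
    """Affine point addition; None is the point at infinity."""
    if A is None:
        return B
    if B is None:
        return A
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if A == B:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def _mul(k, Q):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    R = None
    while k:
        if k & 1:
            R = _add(R, Q)
        Q = _add(Q, Q)
        k >>= 1
    return R


def sign(priv, z, k):
    """ECDSA over secp256k1; returns Ethereum-style (r, s, v) with v in {27, 28}."""
    R = _mul(k, G)
    r = R[0] % N
    s = pow(k, -1, N) * (z + r * priv) % N
    return r, s, 27 + (R[1] & 1)


def verify(pub, z, r, s):
    """Textbook verification: accepts both (r, s) and (r, N - s)."""
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    X = _add(_mul(z * w % N, G), _mul(r * w % N, pub))
    return X is not None and X[0] % N == r


def recover(z, r, s, v):
    """Same operation as the ecrecover precompile: public key from (hash, r, s, v)."""
    y = pow((pow(r, 3, P) + 7) % P, (P + 1) // 4, P)  # sqrt works because P % 4 == 3
    if (y & 1) != (v - 27):
        y = P - y
    sR = _mul(s, (r, y))
    zG = _mul(z, G)
    return _mul(pow(r, -1, N), _add(sR, (zG[0], (-zG[1]) % P)))


def malleate(r, s, v):
    """Second valid signature for the same hash, derived without the private key."""
    return r, N - s, 55 - v  # negating s negates R, so the parity bit in v flips too


class ReplayGuard:
    """Hypothetical contract model. key_on='signature' is the vulnerable pattern from the
    post (used-set keyed on the signature itself); key_on='data' keys on the signed data
    hash, which must already carry a nonce, and additionally rejects high-s signatures."""
    def __init__(self, pub, key_on):
        self.pub, self.key_on, self.seen = pub, key_on, set()

    def execute(self, z, r, s, v):
        if self.key_on == "data" and s > HALF_N:
            return False
        key = (r, s, v) if self.key_on == "signature" else z
        if not verify(self.pub, z, r, s) or key in self.seen:
            return False
        self.seen.add(key)
        return True


# Constructed demo values: not real keys; a real signer must use a random or RFC 6979 nonce.
PRIV = 0x1D8E6A7B3C4F5E6D7C8B9A0F1E2D3C4B5A69788796A5B4C3D2E1F00112233445
NONCE = 0x7A3B9C1D2E4F5061728394A5B6C7D8E9FA0B1C2D3E4F506172839405A6B7C8D9
Z = int.from_bytes(hashlib.sha256(b"transfer(recipient, 1 ether, nonce=7)").digest(), "big")


def demo():
    pub = _mul(PRIV, G)
    sig = sign(PRIV, Z, NONCE)
    sib = malleate(*sig)
    vuln, fixed = ReplayGuard(pub, "signature"), ReplayGuard(pub, "data")
    return {
        "both_verify": verify(pub, Z, *sig[:2]) and verify(pub, Z, *sib[:2]),
        "same_signer": recover(Z, *sig) == pub == recover(Z, *sib),
        "vulnerable_executions": sum(vuln.execute(Z, *s) for s in (sig, sib)),
        "fixed_executions": sum(fixed.execute(Z, *s) for s in (sig, sib)),
    }
```

Running `demo()` shows the signature-keyed guard executing the same signed message twice (once per half of the pair) while the data-keyed guard with the low-s rule executes it exactly once, and `recover` returning the same public key for both signatures, which is why ecrecover alone gives a contract no way to tell them apart.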

In conclusion, signature malleability is a vulnerability that can lead to transaction replays and other security issues. It is essential to understand how this vulnerability works and take steps to mitigate it, such as not including signatures in signed message hashes. By being vigilant and proactive about security, we can ensure the safety and integrity of our blockchain transactions.