Cause
is_valid_eth_signature is missing a call to finalize_keccak after calling verify_eth_signature.
Impact
As a result, any contract using is_valid_eth_signature from the account library (such as the EthAccount preset) is vulnerable to a malicious sequencer. Specifically, the malicious sequencer would be able to bypass signature validation to impersonate an instance of these accounts.
Risk
In order to exploit this vulnerability, it is required to control a sequencer or prover since they're the ones executing the hints, being able to inject incorrect keccak results.
Today StarkWare is the only party running both a prover or a sequencer, greatly reducing the risk of exploit.
Patches
The issue has been patched in 0.6.1.
For more information
If you have any questions or comments about this advisory:
Cause
is_valid_eth_signatureis missing a call tofinalize_keccakafter callingverify_eth_signature.Impact
As a result, any contract using
is_valid_eth_signaturefrom the account library (such as theEthAccountpreset) is vulnerable to a malicious sequencer. Specifically, the malicious sequencer would be able to bypass signature validation to impersonate an instance of these accounts.Risk
In order to exploit this vulnerability, it is required to control a sequencer or prover since they're the ones executing the hints, being able to inject incorrect keccak results.
Today StarkWare is the only party running both a prover or a sequencer, greatly reducing the risk of exploit.
Patches
The issue has been patched in 0.6.1.
For more information
If you have any questions or comments about this advisory: