Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Babylon Chain>Low findings>Differences between ,signHash, and ,Sign
GeneralOverview
Findings
Critical (4)
Medium (1)
Low (4)Lack of input validationsVigilante makes an unnecessary report to BabylonDifferences between signHash and SignFinality provider BTC private key used as HMAC key for generating nonces
Informational (4)
DiscussionOverflowed transaction promotionMitigating potential attacks through maximum staking valueImproving front-end security
Threat ModelTransaction generation and signingBabylon modules
Audit ResultsAssessment Results
Category: Coding Mistakes

Differences between signHash and Sign

Low Severity
Low Impact
Low Likelihood

Description

Babylon's eots.signHash is adapted from btcd's btcec.Sign, but it differs in several ways:

  • It does not check that the nonce (privateRand) is nonzero.

  • It does not make use of the "BIP0340/aux" tag for the private key, nor the "BIP0340/nonce" tag for the nonce.

Impact

If the nonce is uniformly random, it will only be zero with probability , which is already the security parameter of the signature scheme.

Tagged hashes are a defense-in-depth against cross-context hash collisions, which are similarly low probability.

Recommendations

Add the corresponding tags and checks to eots.signHash — if this part of the extractable one-time signatures (EOTS) signature scheme remains after fixing the interaction with BIP-32.

Remediation

Tracked by https://github.com/babylonchain/babylon/issues/691

Zellic © 2025Back to top ↑