
Updated business logic in the isValidSignature function now restricts calls to off-chain only

During our assessment, we identified that a new function, isValidSignature, had been added to the ListaEarnStrategyManager contract, giving it ERC-1271 signature-validation capability. The initial implementation recovered the signer with ECDSA.recover and accepted the signature only if the signer was the admin stored at index 0 of DEFAULT_ADMIN_ROLE, ignoring any other admins.

function isValidSignature(bytes32 hash_, bytes memory signature)
  external
  view
  returns (bytes4 magicValue)
{
  if (getRoleMemberCount(DEFAULT_ADMIN_ROLE) == 0) return 0xffffffff;

  // NOTE: we will only verify the signature of the admin at zero index
  address admin = getRoleMember(DEFAULT_ADMIN_ROLE, 0);
  if (admin == address(0)) return 0xffffffff;

  if (ECDSA.recover(hash_, signature) == admin) return ERC1271_MAGICVALUE;

  // invalid
  return 0xffffffff;
}

The Mitosis team revised the business requirements for isValidSignature between commits 26457c2 and cb43175 and changed the implementation in commit d86fa16. The function is now restricted to off-chain invocation: it requires that _msgSender() be address(0) and that tx.gasprice be zero. No on-chain transaction can satisfy both conditions, since a transaction (including a call made by another contract during its execution) always has a non-zero sender, whereas an eth_call issued without a from address or gas price does satisfy them. The recovered signer is also now checked against SIGNATURE_VERIFIER_ROLE rather than against the admin at index 0. As a consequence, the contract no longer functions as an ERC-1271 signer for on-chain verifiers: any contract that calls isValidSignature during a transaction reverts with Unauthorized before the signature is examined.

function isValidSignature(bytes32 hash_, bytes memory signature)
  external
  view
  returns (bytes4 magicValue)
{
  // NOTE: restrict access to off-chain calls only by checking both sender and gas price
  require(_msgSender() == address(0), StdError.Unauthorized());
  require(tx.gasprice == 0, StdError.Unauthorized());

  return hasRole(SIGNATURE_VERIFIER_ROLE, ECDSA.recover(hash_, signature))
    ? ERC1271_MAGICVALUE
    : bytes4(0xffffffff);
}
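The following Foundry test is an added example written for this page; it is not code from the Mitosis repository or from the report. It re-implements the updated gating and role check in a stand-in contract and exercises the three behaviours that matter: an eth_call-style invocation (sender address(0), gas price 0) by a holder of SIGNATURE_VERIFIER_ROLE is accepted, the same invocation with a signer lacking the role returns 0xffffffff, and any on-chain caller or any non-zero gas price reverts. The contract and test names, the test private keys 0xA11CE and 0xB0B, and the forge-std and OpenZeppelin Contracts v5 import paths are assumptions of the example; the ERC-1271 magic value 0x1626ba7e is the standard one.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed dependencies: forge-std and OpenZeppelin Contracts v5 (import paths differ in v4).
import {Test} from "forge-std/Test.sol";
import {ECDSA} from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
import {AccessControlEnumerable} from "@openzeppelin/contracts/access/extensions/AccessControlEnumerable.sol";

// Hypothetical stand-in for the updated ListaEarnStrategyManager logic (not the project's code).
// `if (...) revert` is used instead of `require(cond, CustomError())` so that the example also
// compiles on compilers that predate require-with-custom-error support.
contract OffchainOnlyVerifier is AccessControlEnumerable {
    // bytes4(keccak256("isValidSignature(bytes32,bytes)")), the ERC-1271 success value
    bytes4 internal constant ERC1271_MAGICVALUE = 0x1626ba7e;
    bytes32 public constant SIGNATURE_VERIFIER_ROLE = keccak256("SIGNATURE_VERIFIER_ROLE");

    error Unauthorized();

    constructor(address admin, address verifier) {
        _grantRole(DEFAULT_ADMIN_ROLE, admin);
        _grantRole(SIGNATURE_VERIFIER_ROLE, verifier);
    }

    function isValidSignature(bytes32 hash_, bytes memory signature) external view returns (bytes4) {
        // Off-chain gate: a transaction always has a non-zero sender, while an eth_call that
        // omits `from` and `gasPrice` executes with sender == address(0) and tx.gasprice == 0.
        if (_msgSender() != address(0)) revert Unauthorized();
        if (tx.gasprice != 0) revert Unauthorized();
        return hasRole(SIGNATURE_VERIFIER_ROLE, ECDSA.recover(hash_, signature))
            ? ERC1271_MAGICVALUE
            : bytes4(0xffffffff);
    }
}

// Represents any on-chain ERC-1271 consumer: its msg.sender towards the verifier is its own address.
contract OnchainCaller {
    function check(OffchainOnlyVerifier v, bytes32 h, bytes memory sig) external view returns (bytes4) {
        return v.isValidSignature(h, sig);
    }
}

contract OffchainOnlyVerifierTest is Test {
    uint256 internal constant VERIFIER_KEY = 0xA11CE; // assumed test key, holds the role
    uint256 internal constant STRANGER_KEY = 0xB0B;   // assumed test key, no role
    bytes32 internal constant HASH = keccak256("payload to approve"); // constructed digest

    OffchainOnlyVerifier internal verifier;

    function setUp() public {
        verifier = new OffchainOnlyVerifier(address(this), vm.addr(VERIFIER_KEY));
    }

    // Builds the 65-byte r||s||v encoding that ECDSA.recover expects.
    function _sign(uint256 key) internal view returns (bytes memory) {
        (uint8 v, bytes32 r, bytes32 s) = vm.sign(key, HASH);
        return abi.encodePacked(r, s, v);
    }

    // eth_call-style invocation reaches the role check and succeeds for a role holder.
    function test_offchainCallByVerifierAccepted() public {
        bytes memory sig = _sign(VERIFIER_KEY);
        vm.txGasPrice(0);
        vm.prank(address(0));
        bytes4 result = verifier.isValidSignature(HASH, sig);
        assertEq(bytes32(result), bytes32(bytes4(0x1626ba7e)));
    }

    // A valid signature from an address without SIGNATURE_VERIFIER_ROLE is rejected, not reverted.
    function test_offchainCallBySignerWithoutRoleRejected() public {
        bytes memory sig = _sign(STRANGER_KEY);
        vm.txGasPrice(0);
        vm.prank(address(0));
        bytes4 result = verifier.isValidSignature(HASH, sig);
        assertEq(bytes32(result), bytes32(bytes4(0xffffffff)));
    }

    // An on-chain caller reverts before the signature is examined, even with a valid signature.
    function test_onchainCallerReverts() public {
        OnchainCaller caller = new OnchainCaller();
        bytes memory sig = _sign(VERIFIER_KEY);
        vm.txGasPrice(0);
        vm.expectRevert(OffchainOnlyVerifier.Unauthorized.selector);
        caller.check(verifier, HASH, sig);
    }

    // Sender address(0) alone is not enough: a non-zero gas price also reverts.
    function test_nonzeroGasPriceReverts() public {
        bytes memory sig = _sign(VERIFIER_KEY);
        vm.txGasPrice(1 gwei);
        vm.prank(address(0));
        vm.expectRevert(OffchainOnlyVerifier.Unauthorized.selector);
        verifier.isValidSignature(HASH, sig);
    }
}
```

Run with `forge test` in a project that has forge-std and OpenZeppelin Contracts v5 installed. The signature is computed before `vm.prank` so that the cheatcode call cannot interfere with the pranked call. One operational caveat for integrators: the gate relies on the RPC node executing eth_call with a zero sender and zero gas price when neither is supplied, so a client or provider that fills in a default gasPrice for eth_call would be rejected by the tx.gasprice check and should be configured to send 0 explicitly.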
Zellic © 2025