Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Hyperliquid>Discussion>Signature checks do not require arrays of signers
GeneralOverview
Findings
High (2)
Informational (4)
DiscussionSignature checks do not require arrays of signersPossible improvements for contract transparency
Threat ModelsWhat are threat models?Bridge2.sol
Audit ResultsSummary

Signature checks do not require arrays of signers

The requestWithdrawal, modifyLocker, and emergencyUnlock functions accept a signers array. This is passed into checkValidatorSignatures to verify that the action is authorized:

function checkValidatorSignatures(
  bytes32 message,
  ValidatorSet memory activeValidatorSet, // Active set of all L1 validators
  address[] memory signers, // Subsequence of the active L1 validators that signed the message
  Signature[] memory signatures,
  bytes32 validatorSetHash
) private view {

The array of signers is not necessary for performing the validator check. Instead, checkValidatorSignatures could simply recover the array of signers and check that it is a sufficiently weighted subsequence of the chosen validator set. Omitting this argument from these external functions would simplify the interface and save gas.

Note: this issue was addressed in commit ; the signers array is no longer required to be provided by the user, and the signer's address recovered from the individual signatures is used instead.

Zellic © 2025Back to top ↑