User-triggerable invariant violation
Description
The ed25519.move module defines functions for verifying ed25519 signatures. In addition to a verify
function that verifies a single signature, the module also provides a batch_verify
function that performs a more efficient batch verification for the following cases (quoting from the module documentation):
/// - Equal number of messages, signatures, and public keys: Standard, generic functionality.
/// - One message, and an equal number of signatures and public keys: Multiple digital signature
/// (multisig) verification of a single message.
/// - One public key, and an equal number of messages and signatures: Verification of multiple
/// messages, all signed with the same private key.
The caller is supposed to provide three input arrays with a matching number of elements:
public fun batch_verify(
messages: vector<vector<u8>>,
public_keys: vector<PublicKey>,
signatures: vector<Signature>,
)
The native function that performs batch signature verification does check that the number of elements in the arrays matches a supported scenario, but on a mismatch it returns an invariant violation error. That error class is reserved for cases where the Move VM has detected an invariant violation that should never occur, such as an inconsistency due to a verifier bug, not for caller mistakes.
Impact
This issue is reported as informational, as it does not allow any security invariant to be bypassed. It causes an inappropriate error to be returned when batch_verify
is called with incorrectly sized arrays.
Recommendations
Return an appropriate error if the number of elements provided as arguments to batch_verify
by the user is incorrect.
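One way to apply this recommendation, as an added illustration that is not the audited module's code: validate the three vector lengths in Move against the three documented shapes and abort with a user-facing code before the native is invoked. The module name, the struct layouts, the native name batch_verify_internal and the abort code value are assumptions.

```move
module example::ed25519_batch {
    use std::vector;

    /// Hypothetical user-facing abort code for a batch whose vector lengths do
    /// not match any supported shape (the real module defines its own codes).
    const EInvalidBatchShape: u64 = 1;

    /// Stand-ins for the module's key and signature types (assumed layouts).
    struct PublicKey has copy, drop { bytes: vector<u8> }
    struct Signature has copy, drop { bytes: vector<u8> }

    /// Assumed native that performs the actual batch verification; in the
    /// audited module this is where the invariant violation currently surfaces.
    native fun batch_verify_internal(
        messages: vector<vector<u8>>,
        public_keys: vector<PublicKey>,
        signatures: vector<Signature>,
    );

    /// True iff the lengths form one of the three documented cases.
    fun is_supported_shape(n_msgs: u64, n_keys: u64, n_sigs: u64): bool {
        let generic = n_msgs == n_keys && n_keys == n_sigs; // N messages, N keys, N signatures
        let multisig = n_msgs == 1 && n_keys == n_sigs;     // one message, N signers
        let one_key = n_keys == 1 && n_msgs == n_sigs;      // one signer, N messages
        // An empty batch is rejected too; that policy is an assumption, not from the module.
        n_sigs > 0 && (generic || multisig || one_key)
    }

    /// Wrapper that checks the shape in Move so a caller mistake aborts with
    /// EInvalidBatchShape instead of reaching the native and producing an
    /// invariant violation error.
    public fun batch_verify(
        messages: vector<vector<u8>>,
        public_keys: vector<PublicKey>,
        signatures: vector<Signature>,
    ) {
        let n_msgs = vector::length(&messages);
        let n_keys = vector::length(&public_keys);
        let n_sigs = vector::length(&signatures);
        assert!(is_supported_shape(n_msgs, n_keys, n_sigs), EInvalidBatchShape);
        batch_verify_internal(messages, public_keys, signatures)
    }
}
```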