Assessment reportsPublic findings
Back to Zellic siteBack
Assessment reports>Lazer>Low findings>Signature malleability
GeneralOverview
Findings
Low (2)Signature malleabilityImproper initialization within the UUPS pattern
Informational (3)
Threat ModelWhat are threat models?PythLazer.sol
Audit ResultsAssessment Results
Category: Coding Mistakes

Signature malleability

Low Impact
Low Severity
Medium Likelihood

Description

The current implementation recovers the signer using the raw ecrecover function. Unlike OpenZeppelin's ECDSA library, this implementation does not include signature-malleability checks. The ecrecover function accepts both 27 and 28 as valid values for the v parameter and allows both lower and upper values for the s parameter. This means that multiple valid signatures can exist for the same message and signer.

signer = ecrecover( 
    hash,
    uint8(update[68]) + 27,
    bytes32(update[4:36]),
    bytes32(update[36:68])
);

Impact

While this does not impact the security of the contract itself, depending on the use case in the consumer contract, accepting two different signatures from the same signer may lead to unexpected behavior (e.g., when the consumer contract manages signatures in a batch).

Recommendations

It is recommended to use OpenZeppelin's ECDSA library instead of the raw ecrecover function.

Remediation

This issue has been acknowledged by Pyth Data Association, and a fix was implemented in commit 49de9a23.

Zellic © 2025Back to top ↑