Missing public-key validation
Description
There is an issue in the Mitosis protocol's LibSecp256k1 library: no curve validation is performed during public-key decompression. In the current LibSecp256k1 Solidity code, the uncompressPubkey function is implemented as follows:

    function verifyCmpPubkey(bytes memory cmpPubkey) internal pure {
        uncompressPubkey(cmpPubkey);
    }
    ...
    function uncompressPubkey(bytes memory cmpPubkey) internal pure returns (bytes memory uncmpPubkey) {
        require(cmpPubkey.length == 33, StdError.InvalidParameter('cmpPubKey.length'));
        require(cmpPubkey[0] == 0x02 || cmpPubkey[0] == 0x03, StdError.InvalidParameter('cmpPubKey[0]'));

        uint8 prefix = uint8(cmpPubkey[0]);
        uint256 x;
        assembly {
            x := mload(add(cmpPubkey, 0x21))
        }

        uint256 y = EllipticCurve.deriveY(prefix, x, AA, BB, PP);

        uncmpPubkey = new bytes(65);
        uncmpPubkey[0] = 0x04;
        assembly {
            mstore(add(uncmpPubkey, 0x21), x)
            mstore(add(uncmpPubkey, 0x41), y)
        }
        return uncmpPubkey;
    }

This function takes a 33-byte compressed public key, derives a y coordinate from x and the parity prefix, and returns the 65-byte uncompressed encoding, but it never checks that the resulting (x, y) actually lies on the secp256k1 curve. A y coordinate only exists when x^3 + 7 is a square modulo p; a modular square-root routine that does not verify its own result still returns a value for other x, and for those inputs the returned coordinates do not satisfy the curve equation. Because verifyCmpPubkey consists solely of a call to uncompressPubkey, it accepts such keys as well.
In elliptic-curve cryptography, public keys must be valid points on the curve. Performing group operations on a point that is not on secp256k1 produces results that do not follow the curve's arithmetic, and accepting such points is the basis of invalid-curve attacks. Fortunately, this part of the code is not directly called in the current product.
Impact
This issue allows a compressed key that corresponds to no secp256k1 point to pass verifyCmpPubkey, weakening any logic that relies on this function for public-key validation. Attacks using invalid curve points could then become possible against authentication or signature-verification logic built on it.
Recommendations
Additional validation logic should be added to the uncompressPubkey function to verify that the returned x, y coordinates satisfy the secp256k1 curve equation, y^2 = x^3 + 7 (mod p), and revert otherwise.
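The following is an added Python model of the decompression logic described above and of the check the recommendation asks for; it is not the project's Solidity code. derive_y assumes that the library's deriveY helper computes the square root of x^3 + 7 by raising to (p+1)/4 (valid because p = 3 mod 4) and then fixes the parity, which is the usual implementation for this curve; the secp256k1 constants and generator coordinates are the standard ones. find_off_curve_x constructs an x for which no curve point exists, showing that the unchecked version emits an off-curve point while the checked version rejects it.

```python
# Added example (Python), modelling LibSecp256k1.uncompressPubkey and the
# on-curve check it lacks. Not the project's code.

# secp256k1 domain parameters and generator (standard constants)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
A = 0
B = 7
GX = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798
GY = 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8


def curve_rhs(x: int) -> int:
    """Right-hand side of the curve equation: x^3 + A*x + B (mod P)."""
    return (pow(x, 3, P) + A * x + B) % P


def derive_y(prefix: int, x: int) -> int:
    """Assumed model of deriveY: square root via exponent (P+1)/4, then the
    sign is chosen to match the 0x02 (even) / 0x03 (odd) prefix.
    Exponentiation returns a value for every x, even when no root exists."""
    y = pow(curve_rhs(x), (P + 1) // 4, P)
    if (y % 2 == 0) != (prefix == 0x02):
        y = P - y
    return y


def is_on_curve(x: int, y: int) -> bool:
    """The missing validation: coordinates in range and y^2 = x^3 + 7 (mod P).
    The x < P check is an extra canonical-range check, not from the finding."""
    if not (0 <= x < P and 0 <= y < P):
        return False
    return (y * y - curve_rhs(x)) % P == 0


def uncompress_pubkey_unchecked(cmp_pubkey: bytes) -> bytes:
    """Same steps as the audited function: length and prefix checks, derive y,
    emit 0x04 || x || y. No curve validation."""
    if len(cmp_pubkey) != 33:
        raise ValueError("cmpPubKey.length")
    prefix = cmp_pubkey[0]
    if prefix not in (0x02, 0x03):
        raise ValueError("cmpPubKey[0]")
    x = int.from_bytes(cmp_pubkey[1:], "big")
    y = derive_y(prefix, x)
    return b"\x04" + x.to_bytes(32, "big") + y.to_bytes(32, "big")


def decode_uncompressed(uncmp_pubkey: bytes) -> tuple:
    """Split 0x04 || x || y back into integer coordinates."""
    return (int.from_bytes(uncmp_pubkey[1:33], "big"),
            int.from_bytes(uncmp_pubkey[33:65], "big"))


def uncompress_pubkey_checked(cmp_pubkey: bytes) -> bytes:
    """Decompression followed by the recommended on-curve validation."""
    uncmp = uncompress_pubkey_unchecked(cmp_pubkey)
    x, y = decode_uncompressed(uncmp)
    if not is_on_curve(x, y):
        raise ValueError("point not on secp256k1")
    return uncmp


def passes_curve_check(cmp_pubkey: bytes) -> bool:
    """True if the checked decompressor accepts the key, False if it rejects."""
    try:
        uncompress_pubkey_checked(cmp_pubkey)
        return True
    except ValueError:
        return False


def find_off_curve_x(start: int = 1, limit: int = 10_000) -> int:
    """Smallest x >= start such that x^3 + 7 is a quadratic non-residue mod P
    (Euler's criterion), i.e. no secp256k1 point has that x-coordinate.
    Used to construct an invalid compressed key for the demonstration."""
    for x in range(start, start + limit):
        rhs = curve_rhs(x)
        if rhs != 0 and pow(rhs, (P - 1) // 2, P) != 1:
            return x
    raise RuntimeError("no non-residue found in range")


if __name__ == "__main__":
    # Genuine key: the generator, whose y is even, so the prefix is 0x02.
    good = b"\x02" + GX.to_bytes(32, "big")
    assert decode_uncompressed(uncompress_pubkey_checked(good)) == (GX, GY)

    # Constructed invalid key: an x for which no curve point exists.
    bad_x = find_off_curve_x()
    bad = b"\x02" + bad_x.to_bytes(32, "big")
    x, y = decode_uncompressed(uncompress_pubkey_unchecked(bad))
    print(f"x={bad_x}: unchecked decompression returned y={y:#x}, "
          f"on curve: {is_on_curve(x, y)}")
    print("checked decompression accepts it:", passes_curve_check(bad))
```

The unchecked path returns a well-formed 65-byte key for the constructed x even though y^2 differs from x^3 + 7 by a sign, which is exactly what a subsequent scalar multiplication or signature check would silently operate on; the checked path reverts. In Solidity the equivalent check is a single require on (mulmod(y, y, PP)) against (addmod(mulmod(mulmod(x, x, PP), x, PP), BB, PP)) before returning uncmpPubkey.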
Remediation
This issue has been acknowledged by Mitosis, and a fix was implemented in commit f8d4e514.