Assessment reports>Orderly Network>Threat Model>marketUploadEncodeHashVerify

Function: marketUploadEncodeHashVerify(MarketTypes.UploadSumUnitaryFundings data, address signer)

This allows verification of a market upload with sum unitary fundings payload.

Inputs

  • data

    • Control: Fully controlled by the calling function.

    • Constraints: Needs to be part of a valid signature.

    • Impact: The data struct that contains the signed message and its signature.

  • signer

    • Control: Fully controlled by the calling function.

    • Constraints: Returns whether it matches the recovered signature's signer.

    • Impact: Presumably the signer of the message.

Branches and code coverage

Intended branches

  • Assure that signature is not replayable. Currently not enforced as no nonce is used.

  • Assure that the max timestamp of the signature is not in the past. Currently not enforced.

  • Return whether the signer matches the recovered's address.

  • Assure that signature is not malleable. Currently enforced as ECDSA is used.

Negative behavior

  • Should not exclude any of the data from the hash.

Zellic © 2024Back to top ↑