
Function: perpUploadEncodeHashVerify(PerpTypes.FuturesTradeUploadData data, address signer)

This allows verification of a perp upload payload.

Inputs

  • data

    • Control: Fully controlled by the calling function.

    • Constraints: Needs to be part of a valid signature.

    • Impact: The data struct that contains the signed message and its signature.

  • signer

    • Control: Fully controlled by the calling function.

    • Constraints: The function returns whether this address matches the signer recovered from the signature.

    • Impact: Presumably the signer of the message.

Branches and code coverage

Intended branches

  • Ensure that the signature is not replayable. Currently not enforced, as no nonce is used.

  • Ensure that the timestamp of the signature is not in the past. Currently not enforced, as there is no timestamp.

  • Return whether the signer matches the recovered address.

  • Ensure that the signature is not malleable. Currently enforced, as ECDSA is used.

Negative behavior

  • Should not exclude any of the data from the hash. Currently enforced.
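
The sketch below is an added example, not code from the audited project or from the report: it shows one way a verifier could enforce the two branches listed above as not enforced (nonce and timestamp) while keeping every field in the hash. The struct layout, field names, freshness window and contract name are assumptions, and it assumes OpenZeppelin's ECDSA library is available.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

import {ECDSA} from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";

// Added illustration only; every name below is hypothetical.
contract ReplaySafeUploadVerifier {
    struct Upload {
        uint64 batchId;     // hypothetical payload field
        uint64 nonce;       // must equal the signer's next expected nonce
        uint64 timestamp;   // signing time in seconds
        bytes32 tradesHash; // hypothetical digest of the trade list
        bytes32 r;
        bytes32 s;
        uint8 v;
    }

    uint64 public constant MAX_AGE = 300; // assumed freshness window, seconds
    mapping(address => uint64) public nextNonce;

    error StaleSignature();
    error BadNonce();
    error BadSigner();

    function verifyAndConsume(Upload calldata data, address signer) external {
        // Timestamp branch: reject signatures dated in the future or too old.
        if (data.timestamp > block.timestamp) revert StaleSignature();
        if (block.timestamp - data.timestamp > MAX_AGE) revert StaleSignature();

        // Replay branch: each nonce is accepted exactly once per signer.
        if (data.nonce != nextNonce[signer]) revert BadNonce();

        // Negative behavior: every non-signature field is hashed, together
        // with the chain id and this contract's address.
        bytes32 digest = keccak256(abi.encode(
            block.chainid, address(this),
            data.batchId, data.nonce, data.timestamp, data.tradesHash
        ));

        // OpenZeppelin's recover reverts on invalid signatures and high-s values.
        if (ECDSA.recover(digest, data.v, data.r, data.s) != signer) revert BadSigner();

        nextNonce[signer] = data.nonce + 1;
    }
}
```

Unlike a view function that only returns a boolean, this variant writes state to consume the nonce, so a production version would also restrict who may call it.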

Zellic © 2024