BLSSignatureChecker::checkSignatures - document that msgHash
parameter MUST be a hash, because it's otherwise treated as a point in G1
#172
Labels
From Middleware audit, item P2:
Clients of EigenLayer-middleware will call its main validation function, checkSignatures.
Clients should be careful to ensure that argument msgHash is indeed a hash (i.e., collision-resistant), and not directly controlled by an untrusted party. If the latter were to happen, multiple purported signed messages (likely garbage) could be validated. The reason is that the argument is being passed to function trySignatureAndApkVerification and eventually to hashToG1, which (despite its name) is not a collision-resistant hash function: it directly applies a modulo operation to its argument, before attempting to find a group element.
The text was updated successfully, but these errors were encountered: