Top Rating
- Top Contributors
  Discover the Top Open Source contributors by country or by language
- Interviews
  Discover real stories from Open Source developers
Discover

Discover your Favorite Language
Discover the top trending repositories and projects on Github. Explore the latest trends in your preferred languages.

Go

Elixir

CoffeeScript

Groovy

Assembly

Julia

Swift

Objective-C

More Languages
Awesome

Awesome repositories
Discover the most awesome repositories and projects of your favorite languages. Inspired by the Awesome-* lists trend in GitHub.

PHP

F#

Scala

Dart

Java

TypeScript

C#

Shell

More Languages
By Country

Rankings by Country
Discover the community of talented open source contributors in each country.

🇨🇱 Chile

🇵🇾 Paraguay

🇦🇺 Australia

🇱🇾 Libya

🇳🇴 Norway

🇩🇿 Algeria

🇫🇷 France

🇺🇦 Ukraine

All Countries Compare Countries

pcaversaccio/malleable-signatures

Stars
105
Rank 328,196 (Top 7 %)
Language
Solidity
License
Do What The F*ck ...
Created over 1 year ago
Updated 3 months ago

pcaversaccio/malleable-signatures

pcaversaccio

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

This repository implements a simplified PoC that demonstrates how signature malleability attacks using compact signatures can be executed.

Signature Malleability

This repository implements a simplified PoC that demonstrates how signature malleability attacks using compact signatures can be executed. The PoC showcases two interconnected issues:

A vulnerability with the OpenZeppelin 4.6 ECDSA library which is vulnerable to the signature malleability exploit. The vulnerability was patched in version 4.7.3. Also, see here for the published security advisory.
Signatures MUST NOT be used as unique identifiers, since the ecrecover precompile generally allows for malleable (non-unique) signatures (see EIP-2) or signatures can be malleablised using EIP-2098. The underlying issue in the ecrecover precompile stems from the fact that there are two y-coordinates for every x-coordinate on the elliptic curve. The OpenZeppelin ECDSA library prevents this particular malleability attack vector by reverting if the secp256k1 32-byte signature parameter s is too high.

reentrancy-attacks

A chronological and (hopefully) complete list of reentrancy attacks to date.

snekmate

State-of-the-art, highly opinionated, hyper-optimised, and secure 🐍Vyper smart contract building blocks.

xdeployer

Hardhat plugin to deploy your smart contracts across multiple EVM chains with the same deterministic address.

createx

Factory smart contract to make easier and safer usage of the `CREATE` and `CREATE2` EVM opcodes as well as of `CREATE3`-based (i.e. without an initcode factor) contract creations.

create2deployer

Helper smart contract to make easier and safer usage of the `CREATE2` EVM opcode.

hardhat-project-template-ts

A fully-fledged Hardhat project template based on TypeScript.

ecdsa-nonce-reuse-attack

This repository implements a Python function that recovers the private key from two different signatures that use the same random nonce during signature generation.

tornado-cash-exploit

This repository implements a simplified PoC that showcases how a contract can morph. A similar approach was used as part of the governance attack on Tornado Cash in May 2023.

metatx

A smart contract to enable ERC-20 token meta-transactions on Ethereum.

escrow-contract

A simple multilateral escrow smart contract for ETH and ERC-20 tokens governed by Cobie.

raw-tx

Three scripts to ordinary generate, EIP-4844-type generate, and execute a signed raw transaction with `ethers`.

torn-detector

Detect if a contract has been deployed in the latest (or predefined) block from an address that was previously funded through Tornado.Cash.

solidity-games

A repository for Solidity-based smart contract games.

meth

The moment you Rust, you should look for your Mojo 🔥.

batch-distributor

Helper smart contract for batch sending both native and ERC-20 tokens.

p256-verifier-vyper

P256 (a.k.a. secp256r1 elliptic curve) signature verification 🐍Vyper contract.

create-util

Helper smart contract to make easier and safer usage of the `CREATE` EVM opcode.

mnemonic-to-private-key

A JavaScript script that converts the mnemonic phrase into a wallet private key using the ethers.js library.

ethereum-key-generation-python

Generating Ethereum addresses in Python.

pcaversaccio

My public profile.

fork-testing-evm-compatibility

This repository implements a simple fork test on Optimism that proves that the EVM behaviour of the forked chain is not identically replicated locally.

erc20-permit-upgradeable

Permit-enabled, upgradeable ERC20 smart contract template.

erc20-oz-sdk

How to deploy an ERC20 smart contract using OpenZeppelin SDK and write a TokenExchange smart contract.

zksync-vyper-sandbox

A sandbox environment for ZKsync Era Vyper compiler testing.

mass-key-generation

A repository for mass public-private key generation (Bitcoin & Ethereum).

tornado-cash-ether-withdrawal-decipherer

Deciphering the ether transactions in the Tornado.Cash withdrawals.

bitsquatting

Helper script for generating permutations of an ENS domain that differ by 1-bit from the original domain.

gpg-sign-and-encrypt

This guide explains how to sign and encrypt an email using the `gpg` (GNU Privacy Guard) tool from the command line.

ethereum-key-generation

A repository that shows how to generate a private / public key pair using web3.js or HD wallets.

tokenbridge-helium-ethereum

A tokenbridge between the Helium blockchain (native network) and the Ethereum blockchain (foreign network).

chainlink-price-feed

Retrieve the ETH/USD price feed from Chainlink's oracle using Infura.

connection-vscode-to-google-colab-gpus

A step-by-step guide to connecting the local Visual Studio Code to Google Colab's GPU runtime.

pool-viewer

Similar to an ETH2 block explorer, but focused only on recent data.

pcaversaccio.github.io

My personal website.

payfoot-token-contract

This is PayFoot's ERC-20 smart contract, whose tokens are used as stablecoins in their ecosystem.

configurations

Monorepo for my personal configurations.

startfeld-token-contract

This is Startfeld's ERC-20 smart contract, whose tokens are used as vouchers in their ecosystem.

randao-distribution

Empirical distribution of the randomness beacon (=RANDAO) provided by the Beacon chain.

porini-community-token-contract

This is Porini's ERC-20 smart contract, whose tokens can activate communities to support conservation activities and learn about blockchain technology.

impact-dollar-token-contract

This is Impact Dollar's ERC-20 smart contract, whose tokens can deliver a demonstrable contribution to conservation and protected areas through digital collectibles.

block-explorer-swissdlt

A block explorer for the Swiss DLT blockchain.

interface-solc-test

saentis-gulden-token-contract

This is Säntis Gulden's ERC-20 smart contract, whose tokens are used as vouchers in their ecosystem.

ath-erc20-token

Smart contract of the Alethena (ATH) token.

telegram-group-counter

A simple Python script to check how many Telegram groups a user is in.