Giters

mantlenetworkio / mantle

Mantle | Mass adoption of decentralized & token-governed technologies. With Mantle Network, Mantle Treasury, and token holder-governed products initiatives.

Home Page:https://www.mantle.xyz

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

[tsslib]Sigma audit feedback, MNT-10: Incorrect Error Returned With Empty Signature

abelliumnt opened this issue · comments

commented

Describe the bug

generateSignature in may return an empty signature data in a successful response.

In of tss/node/tsslib/keysign/tss_keysign.go, if an error is detected when calling codeSetupIDMaps() an empty signature data field is returned. However, it is returned with an incorrect error object ( err instead of err1 or err2 ), meaning that an empty signature will be erroneously used later on:

image

Then the check in tss/node/tsslib/keysign.go:generateSignature() line [48] will fail (due to err being nil ), re- turning an empty signature in the successful response on line [59]:

image

Expected behavior
Correct tss/node/tsslib/keysign/tss_keysign.go line [103] to return the relevant err1 or err2 instead of err .