[tsslib]Sigma audit feedback, MNT-10: Incorrect Error Returned With Empty Signature
abelliumnt opened this issue · comments
Describe the bug
generateSignature
in may return an empty signature data in a successful response.
In of tss/node/tsslib/keysign/tss_keysign.go, if an error is detected when calling codeSetupIDMaps() an empty signature data field is returned. However, it is returned with an incorrect error object ( err instead of err1 or err2 ), meaning that an empty signature will be erroneously used later on:
Then the check in tss/node/tsslib/keysign.go:generateSignature() line [48] will fail (due to err being nil ), re- turning an empty signature in the successful response on line [59]:
Expected behavior
Correct tss/node/tsslib/keysign/tss_keysign.go line [103] to return the relevant err1 or err2 instead of err .