From 678c5e13a383637a24a915598af55a64e316544f Mon Sep 17 00:00:00 2001
From: rdubois-crypto
Date: Wed, 27 Sep 2023 10:24:53 +0200
Subject: [PATCH] Fix Critical Vul : Null Signature

As now it is possible to withdraw all funds by submitting Null Signature to any PubKey, Message pair. (already updated on obvious repo)
---
 contracts/core/PasskeyVerificationLibrary.sol | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/contracts/core/PasskeyVerificationLibrary.sol b/contracts/core/PasskeyVerificationLibrary.sol
index 233d396..d5e42a8 100644
--- a/contracts/core/PasskeyVerificationLibrary.sol
+++ b/contracts/core/PasskeyVerificationLibrary.sol
@@ -32,10 +32,11 @@ library Secp256r1 {
 uint256 constant MOST_SIGNIFICANT = 0xc000000000000000000000000000000000000000000000000000000000000000;
+
 function Verify(Passkey memory passKey, uint r, uint s, uint e) internal view returns (bool) {
- if (r >= nn || s >= nn) {
+ if (r==0 || s== 0 ||r >= nn || s >= nn) {/* testing null signature, otherwise (0,0) is valid for any message*/
 return false;
 }
@@ -46,7 +47,7 @@ library Secp256r1 {
 function VerifyWithPrecompute(JPoint[16] memory points, uint r, uint s, uint e) internal view returns (bool) {
- if (r >= nn || s >= nn) {
+ if (r==0 || s== 0 ||r >= nn || s >= nn) {/* testing null signature, otherwise (0,0) is valid for any message*/
 return false;
 }
@@ -310,4 +311,4 @@ library Secp256r1 {
 }
 }
-}
\ No newline at end of file
+}
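Review bot: The new range guard in Verify is the right fix, but it is written once per function with inconsistent operator spacing (`r==0 || s== 0 ||r >= nn`) and a trailing block comment on the same line; the identical line is duplicated in VerifyWithPrecompute in the second hunk. Since both entry points must agree on the accepted scalar range, one internal helper would keep them from drifting, e.g. `function _scalarInRange(uint v) internal pure returns (bool) { return v != 0 && v < nn; }` called as `if (!_scalarInRange(r) || !_scalarInRange(s)) return false;`, with the comment `// r and s must lie in [1, nn-1]; a zero signature would otherwise verify against any key and message`. A regression test that submits (r, s) = (0, 0) with a valid key and message and asserts the result is false would pin the fix. Both function bodies continue outside their hunks, so any further early-return checks they contain are not visible here.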