Описание
Babylon's BIP322 signature implementation is not fully compliant to the spec
Summary
The BIP-322 signature verification does not enforce the SIGHASH value to be SIGHASH_ALL, and therefore is not strictly following the spec.
Impact
Non-compliant BIP-322 signatures in proof of possessions can be accepted by the chain.
Пакеты
Наименование
github.com/babylonlabs-io/babylon/v4
go
Затронутые версииВерсия исправления
< 4.1.0
4.1.0
6.9 Medium
CVSS4
Дефекты
CWE-347
6.9 Medium
CVSS4
Дефекты
CWE-347