vm: add s check back to 7702

jochem-brouwer · jochem-brouwer · commit 284f1debfec9 · 2024-10-12T13:45:40.000+02:00
diff --git a/packages/vm/src/runTx.ts b/packages/vm/src/runTx.ts
@@ -9,6 +9,7 @@ import {
   BIGINT_1,
   KECCAK256_NULL,
   MAX_UINT64,
+  SECP256K1_ORDER_DIV_2,
   bytesToBigInt,
   bytesToHex,
   bytesToUnprefixedHex,
@@ -453,9 +454,15 @@ async function _runTx(vm: VM, opts: RunTxOpts): Promise<RunTxResult> {
         // EIPs PR: https://github.com/ethereum/EIPs/pull/8938
         continue
       }
+      const s = data[5]
+      if (bytesToBigInt(s) > SECP256K1_ORDER_DIV_2) {
+        // Malleability protection to avoid "flipping" a valid signature to get
+        // another valid signature (which yields the same account on `ecrecover`)
+        // This is invalid, so skip this auth tuple
+        continue
+      }
       const yParity = bytesToBigInt(data[3])
       const r = data[4]
-      const s = data[5]
 
       const rlpdSignedMessage = RLP.encode([chainId, address, nonce])
       const toSign = keccak256(concatBytes(MAGIC, rlpdSignedMessage))
