From 6ed4db667b05eca70dc43a9b8b7a463f9e6580fd Mon Sep 17 00:00:00 2001
From: hongdexiang <1090664234@qq.com>
Date: Thu, 30 Jan 2025 21:27:50 +0800
Subject: [PATCH 1/2] fix: fix unmarshalPubkey

---
 crypto/crypto.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/crypto/crypto.go b/crypto/crypto.go
index 88c44d0e2..cb09c5b1c 100644
--- a/crypto/crypto.go
+++ b/crypto/crypto.go
@@ -39,7 +39,7 @@ import (
 	"golang.org/x/crypto/sha3"
 )
 
-//SignatureLength indicates the byte length required to carry a signature with recovery id.
+// SignatureLength indicates the byte length required to carry a signature with recovery id.
 const SignatureLength = 64 + 1 // 64 bytes ECDSA signature + 1 byte recovery id
 
 // RecoveryIDOffset points to the byte offset within the signature that contains the recovery id.
@@ -204,6 +204,9 @@ func UnmarshalPubkey(pub []byte) (*ecdsa.PublicKey, error) {
 	if x == nil {
 		return nil, errInvalidPubkey
 	}
+	if !S256().IsOnCurve(x, y) {
+		return nil, errInvalidPubkey
+	}
 	return &ecdsa.PublicKey{Curve: S256(), X: x, Y: y}, nil
 }
 

From bbe60dc93bf52568136f8f94624e4993d03a6ef8 Mon Sep 17 00:00:00 2001
From: hongdexiang <1090664234@qq.com>
Date: Thu, 30 Jan 2025 21:46:01 +0800
Subject: [PATCH 2/2] fix: fix ci workflow

---
 .github/workflows/docker-build.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/docker-build.yaml b/.github/workflows/docker-build.yaml
index 55bbc14f9..327c30a24 100644
--- a/.github/workflows/docker-build.yaml
+++ b/.github/workflows/docker-build.yaml
@@ -18,7 +18,7 @@ env:
 
 jobs:
   CI:
-    runs-on: [self-hosted,prod-cicd-runners]
+    runs-on: [prod-cicd-runners]
     steps:
     - uses: actions/checkout@v3
     # - uses: actions/setup-go@v3