Chainvet
Detectors

Cryptographic

2 detectors (CR-01, CR-02) for missing signature verification and ECDSA signature malleability.

Cryptographic detectors (CR) catch flaws in signature handling — trusting data that was never verified, and ECDSA malleability. 2 detectors.

IDSlugSeverityConfidenceWhat it detects
CR-01lack-of-signature-verificationHighMediumAn operation trusts data without verifying an accompanying signature.
CR-02signature-malleabilityMediumHighECDSA signature handling vulnerable to malleability (e.g. missing s/v range checks).

Remediation

Verify signatures against the expected signer, reject malleable signatures (enforce low-s and canonical v), and prefer audited libraries such as OpenZeppelin's ECDSA. Include a nonce and domain separator (EIP-712) to prevent replay.