Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Users using EIP-1271 for signatures can be forced into loans as the wrong party without consent - 1304

MiloTruck Posted 2 Years Ago
  • When a user creates a loan, they provide the signature of the opposite party. If the caller is the borrower, the other signature must come from the lender. All of these signatures are validated within the protocol.
  • The side that a signature was given for is not validated, though. As a result, an attacker can force a signature to be used for the wrong purpose. In particular, a signature for a borrow can be used to force a user to become a lender.
  • Cryptography is great! However, the use case is just as important as the math.
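
The missing side check described above, as an added example that is not code from the audited protocol or from the original write-up. It models an EIP-1271 wallet in Python; the `Wallet` class, the loan terms, the function names and the use of SHA-256 in place of the on-chain hash are assumptions, as is the premise that the weak digest covers the loan terms only.

```python
import hashlib

MAGIC = bytes.fromhex("1626ba7e")  # EIP-1271 return value for a valid signature

class Wallet:
    """Hypothetical contract wallet: valid means the owner approved this digest."""
    def __init__(self, name):
        self.name = name
        self.approved = set()

    def approve(self, digest):
        self.approved.add(digest)

    def is_valid_signature(self, digest, signature=b""):
        return MAGIC if digest in self.approved else b"\x00" * 4

def digest_without_side(terms):
    # Weak form (assumed): only the loan terms are hashed, so the same digest
    # is produced whether the signer is treated as borrower or lender.
    return hashlib.sha256(repr(sorted(terms.items())).encode()).digest()

def digest_with_side(terms, signer, side):
    # Hardened form: the signer and the side they consent to are in the digest.
    payload = repr((sorted(terms.items()), signer, side)).encode()
    return hashlib.sha256(payload).digest()

def accept_counterparty(wallet, terms, claimed_side, bind_side):
    """Protocol-side check: did `wallet` consent to acting as `claimed_side`?"""
    if bind_side:
        digest = digest_with_side(terms, wallet.name, claimed_side)
    else:
        digest = digest_without_side(terms)
    return wallet.is_valid_signature(digest) == MAGIC

def demo():
    terms = {"principal": 1000, "collateral": 1500, "duration_days": 30}  # constructed
    weak_wallet = Wallet("alice")
    weak_wallet.approve(digest_without_side(terms))  # alice intended to borrow
    placed_as_lender = accept_counterparty(weak_wallet, terms, "lender", False)

    bound_wallet = Wallet("alice")
    bound_wallet.approve(digest_with_side(terms, "alice", "borrower"))
    wrong_side = accept_counterparty(bound_wallet, terms, "lender", True)
    right_side = accept_counterparty(bound_wallet, terms, "borrower", True)
    return placed_as_lender, wrong_side, right_side

if __name__ == "__main__":
    print(demo())
```

With the side bound into the signed digest, the approval given for borrowing no longer validates when the signer is placed on the lender side.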