Transaction Malleablity Possible #95
Description
This issue is being reported as part of the ongoing audit being conducted by Authio for Kyokan.
Severity: Note
The signature library used doesn't throw on signatures which have the form (r, -s mod n), and so accepts the non-canonical signature form. https://eklitzke.org/bitcoin-transaction-malleability is a good reference on signature malleability. We haven't found a case where this problem can be used to have an affect on the application, but given the complexity of the plasma chain system and its extensive use of signatures best practice would be to have the signature library reject the non-canonical form.
Remediation is to include a check that s < n/2 in the ECDSA library.