Skip to content

adds guards for overflowing r/s values #3

Merged
brendanjryan merged 1 commit into
mainfrom
brendanryan-safe-encode
Jan 16, 2026
Merged

adds guards for overflowing r/s values #3
brendanjryan merged 1 commit into
mainfrom
brendanryan-safe-encode

Conversation

@brendanjryan

Copy link
Copy Markdown
Collaborator

Context

With untrusted input a caller could cause this library to panic if attempting to recover the signature from a payload which has an invalid R/S value.

This PR guards against this scenario by checking R/S values in signing/decoding.

Test plan

  • Added tests for serde and roundtripping with overflowing values

As a follow up I want to add additional fuzz tests as well. This should come in the next few days

@brendanjryan brendanjryan changed the title adds guards for overflowing rlp encoders adds guards for overflowing r/s values Dec 12, 2025
@brendanjryan brendanjryan requested a review from gakonst December 12, 2025 00:51
@brendanjryan

Copy link
Copy Markdown
Collaborator Author

fuzz harness which exposes this bug: #4

@brendanjryan brendanjryan merged commit aa26659 into main Jan 16, 2026
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant