Report #34449

Potential Risk from Dubious Typecasting in ECDSAUpgradeable: Issues with Signature Recovery

Immunefi Response

We have reviewed your report and regret to inform you that we will have to close it due to inadequate proof of concept (PoC).

Immunefi review:

• assessed impact by the triage team is not in scope for the bug bounty program
• assessed asset by the triage team is in scope for the bug bounty program
• The submitted PoC is inadequate for the described issue.
• Technical Review:
• The proof of concept does not demonstrate the described impact and fails to present proof of a signature which bypasses verification. Additionally, the deployment and testing steps are presented as a step by step guide, which is not acceptable as proof of concept. The test must be runnable.

To ensure the proper escalation and evaluation of your report, Immunefi has checked the PoC to see if it matches the assessed impact and bug description, as well as verified the accuracy of your claims.

Please note that the project's team will receive a report of the closed submission and may choose to re-open it at their discretion. However, they are under no obligation to do so.