Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

apegurus/signature-malleability

Name: signature-malleability
Author: apegurus

skills/vulnerability-patterns/signature-malleability/SKILL.md

npx skillsauth add apegurus/solidity-argus signature-malleability

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Signature Malleability

Preconditions

Contract uses ECDSA signatures for authorization or deduplication
Signatures are tracked by their raw bytes (e.g., mapping(bytes => bool)) to prevent replay
No enforcement that the s value is in the lower half of the curve order

Vulnerable Pattern

mapping(bytes => bool) public usedSignatures;

function claimReward(bytes memory signature, uint256 amount) external {
    // Deduplication by raw signature bytes
    require(!usedSignatures[signature], "already used");

    bytes32 hash = keccak256(abi.encodePacked(msg.sender, amount));
    address signer = ecrecover(hash, v, r, s);
    require(signer == trustedSigner);

    usedSignatures[signature] = true; // Attacker submits (r, n-s, flipped_v)
    // to bypass this check with a valid but different signature
    _payout(msg.sender, amount);
}

Detection Heuristics

Search for mapping(bytes => bool) or any mapping keyed by raw signature bytes
If signatures are used as mapping keys for deduplication, flag it — an attacker can compute the complementary (r, n-s) signature
Check if ecrecover is called directly without an s-value range check
Check if OpenZeppelin's ECDSA library is used (it enforces lower-s normalization)
If neither a library nor a manual s < secp256k1n/2 check is present, flag it

False Positives

Signatures are deduplicated by message hash or nonce, not by raw signature bytes
OpenZeppelin's ECDSA.recover is used, which rejects high-s signatures
Manual check enforces s <= 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0

Remediation

Track used signatures by message hash or nonce, not by raw signature bytes
Use OpenZeppelin's ECDSA.recover which enforces s in the lower half of the curve order
If using raw ecrecover, add a manual s-value check

// Use nonce-based deduplication instead of signature bytes
mapping(address => uint256) public nonces;

function claimReward(uint8 v, bytes32 r, bytes32 s, uint256 amount) external {
    uint256 nonce = nonces[msg.sender]++;
    bytes32 hash = keccak256(abi.encodePacked(msg.sender, amount, nonce));
    address signer = ECDSA.recover(hash, v, r, s); // Rejects malleable sigs
    require(signer == trustedSigner);
    _payout(msg.sender, amount);
}

apegurus/signature-malleability

skills/vulnerability-patterns/signature-malleability/SKILL.md

Contract uses ECDSA signatures for authorization or deduplication

tools

Updated May 13, 2026

$ install --global

skillsauth

npx skillsauth add apegurus/solidity-argus signature-malleability

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: May 13, 2026, 3:30 AM125.4s1 file scanned

SKILL.md

name:: signature-malleability
description:: Signature verification path to inspect for nonce and domain separation
pattern_category:: signature
- regex:: ECDSA
severity:: Low
confidence:: Medium

Signature Malleability

Preconditions

Contract uses ECDSA signatures for authorization or deduplication
Signatures are tracked by their raw bytes (e.g., mapping(bytes => bool)) to prevent replay
No enforcement that the s value is in the lower half of the curve order

Vulnerable Pattern

mapping(bytes => bool) public usedSignatures;

function claimReward(bytes memory signature, uint256 amount) external {
    // Deduplication by raw signature bytes
    require(!usedSignatures[signature], "already used");

    bytes32 hash = keccak256(abi.encodePacked(msg.sender, amount));
    address signer = ecrecover(hash, v, r, s);
    require(signer == trustedSigner);

    usedSignatures[signature] = true; // Attacker submits (r, n-s, flipped_v)
    // to bypass this check with a valid but different signature
    _payout(msg.sender, amount);
}

Detection Heuristics

Search for mapping(bytes => bool) or any mapping keyed by raw signature bytes
If signatures are used as mapping keys for deduplication, flag it — an attacker can compute the complementary (r, n-s) signature
Check if ecrecover is called directly without an s-value range check
Check if OpenZeppelin's ECDSA library is used (it enforces lower-s normalization)
If neither a library nor a manual s < secp256k1n/2 check is present, flag it

False Positives

Signatures are deduplicated by message hash or nonce, not by raw signature bytes
OpenZeppelin's ECDSA.recover is used, which rejects high-s signatures
Manual check enforces s <= 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0

Remediation

Track used signatures by message hash or nonce, not by raw signature bytes
Use OpenZeppelin's ECDSA.recover which enforces s in the lower half of the curve order
If using raw ecrecover, add a manual s-value check

// Use nonce-based deduplication instead of signature bytes
mapping(address => uint256) public nonces;

function claimReward(uint8 v, bytes32 r, bytes32 s, uint256 amount) external {
    uint256 nonce = nonces[msg.sender]++;
    bytes32 hash = keccak256(abi.encodePacked(msg.sender, amount, nonce));
    address signer = ECDSA.recover(hash, v, r, s); // Rejects malleable sigs
    require(signer == trustedSigner);
    _payout(msg.sender, amount);
}

Related Skills

apegurus/vector-scan

testing

VerifiedTrustedCommunity

Specialist profile for mechanically applying the attack-vector deck and classifying vectors as skip, drop, or investigate.

SKILL.mdUpdated May 30, 2026

apegurus/periphery

tools

VerifiedTrustedCommunity

Specialist profile for libraries, helpers, base contracts, adapters, encoders, wrappers, and integration glue.

SKILL.mdUpdated May 30, 2026

apegurus/math-precision

testing

VerifiedTrustedCommunity

Specialist profile for rounding, scale, decimal, downcast, and arithmetic accounting edge cases.

SKILL.mdUpdated May 30, 2026

apegurus/math-precision

apegurus/invariant

testing

VerifiedTrustedCommunity

Specialist profile for extracting conservation laws and state couplings, then searching for violating paths.

SKILL.mdUpdated May 30, 2026

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/apegurus/solidity-argus.git

# Copy into Claude Code skills folder (global)
cp -r solidity-argus/skills/vulnerability-patterns/signature-malleability ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

apegurus/solidity-argus

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT