Smart Contract / Signature Malleability



Signature malleability is a vulnerability in Smart Contracts (SWC) that allows an attacker to modify the signature of a transaction before broadcasting it to the blockchain network. It is classified as a type of Tampering vulnerability and is listed in the Common Weakness Enumeration (CWE) directory. According to OWASP, it is caused by a lack of proper validation of a transaction's signature, allowing for tampering and forgery of data. This can lead to unauthorised transactions and data manipulation.


Signature malleability is a severe vulnerability, as it can result in financial loss, data manipulation and other malicious activities. It is also difficult to detect and prevent, as the vulnerability occurs at the protocol level. The risk can be assessed by analysing the potential damage the vulnerability can cause.


The best way to fix the vulnerability is by preventing it from occurring in the first place. This can be done by implementing proper validation of transaction signatures. In addition, it is important to ensure that the code is regularly monitored and tested for any signs of tampering.
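
One concrete form of the signature validation described above, as an added example that is not from the original page. It assumes ECDSA over secp256k1 (the scheme Ethereum uses), where (r, s, v) and (r, n - s, flipped v) both verify for the same message, so the validator accepts only the low-s form and tracks processed messages by digest rather than by signature bytes. The function names, sample signature and digest strings are constructed for illustration, and the ECDSA verification itself is assumed to happen elsewhere.

```javascript
// Added example: canonical-signature check for secp256k1 ECDSA (r || s || v).
// secp256k1 group order n (public curve constant).
const N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141n;
const HALF_N = N >> 1n;

// Constructed sample (not a real signature): r = 0x11.., s = 0x22.., v = 27.
const SAMPLE_SIG = "0x" + "11".repeat(32) + "22".repeat(32) + "1b";

// Split a 65-byte hex signature into r, s, v; throw on any other length.
function parseSignature(hex) {
  const h = hex.startsWith("0x") ? hex.slice(2) : hex;
  if (!/^[0-9a-fA-F]{130}$/.test(h)) throw new Error("expected 65 bytes");
  return {
    r: BigInt("0x" + h.slice(0, 64)),
    s: BigInt("0x" + h.slice(64, 128)),
    v: parseInt(h.slice(128), 16),
  };
}

// Accept only one encoding per signature: 0 < r < n, 0 < s <= n/2, v in {27, 28}.
function isCanonical(hex) {
  let sig;
  try { sig = parseSignature(hex); } catch { return false; }
  const { r, s, v } = sig;
  return r > 0n && r < N && s > 0n && s <= HALF_N && (v === 27 || v === 28);
}

// Test vector only: the second encoding (r, n - s, flipped v) of the same signature.
function otherEncoding(hex) {
  const { r, s, v } = parseSignature(hex);
  const pad = (x) => x.toString(16).padStart(64, "0");
  return "0x" + pad(r) + pad(N - s) + (v === 27 ? 28 : 27).toString(16);
}

// Replay guard keyed on the signed message digest, never on the signature bytes,
// so a re-encoded signature cannot make an already-processed message look new.
const processedDigests = new Set();
function acceptOnce(digest, sigHex) {
  if (!isCanonical(sigHex)) return false;         // reject high-s / bad v / bad length
  if (processedDigests.has(digest)) return false; // message already handled
  processedDigests.add(digest);
  return true;
}
```

A guard keyed on the signature bytes alone would treat `otherEncoding(SAMPLE_SIG)` as unseen; the low-s rule and the digest-keyed set each close that gap independently.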


This example is taken from the Common Vulnerabilities and Exposures (CVE) directory. In this example, the attacker is able to modify the signature of a transaction before broadcasting it:

// Initial Signature
let initialSignature = "0x12345";

// Modified Signature
let modifiedSignature = "0x54321";

// Transaction
let transaction = {
    data: { /* ... */ },
    signature: initialSignature
};

// Attacker modifies the signature
transaction.signature = modifiedSignature;

// Broadcast the modified transaction
