CVE-2022-35961: CWE-354: Improper Validation of Integrity Check Value in OpenZeppelin openzeppelin-contracts

Medium
Published: Sun Aug 14 2022 (08/14/2022, 00:05:09 UTC)
Source: CVE
Vendor/Project: OpenZeppelin
Product: openzeppelin-contracts

Description

OpenZeppelin Contracts is a library for secure smart contract development. The functions `ECDSA.recover` and `ECDSA.tryRecover` are vulnerable to a kind of signature malleability due to accepting EIP-2098 compact signatures in addition to the traditional 65 byte signature format. This is only an issue for the functions that take a single `bytes` argument, and not the functions that take `r, v, s` or `r, vs` as separate arguments. The potentially affected contracts are those that implement signature reuse or replay protection by marking the signature itself as used rather than the signed message or a nonce included in it. A user may take a signature that has already been submitted, submit it again in a different form, and bypass this protection. The issue has been patched in 4.7.3.

AI-Powered Analysis

Last updated: 06/22/2025, 23:50:16 UTC

Technical Analysis

CVE-2022-35961 is a medium-severity vulnerability in the OpenZeppelin Contracts library, affecting versions from 4.1.0 up to but not including 4.7.3. OpenZeppelin Contracts is the de facto standard library for Solidity development on Ethereum and EVM-compatible chains. The issue sits in the ECDSA signature recovery helpers `ECDSA.recover` and `ECDSA.tryRecover`, which derive the signer address from a message hash and a signature and are the usual building block for off-chain authorization (permits, meta-transactions, signed withdrawals and claims).

Starting with 4.1.0, the overloads that take the signature as a single `bytes` argument accepted two encodings of the same signature: the traditional 65-byte `r || s || v` form and the 64-byte EIP-2098 compact form `r || vs`, in which the recovery parity (`v - 27`) is stored in the top bit of `s`. Both encodings decode to the same `(r, s, v)` triple and therefore recover the same signer; neither is invalid, so the library has nothing to reject. The weakness is that the two byte strings differ. Any contract that implements replay protection by recording the signature itself as used (typically `keccak256(signature)` in a mapping) treats the re-encoded signature as new, so an attacker who observes a submitted 65-byte signature can re-encode it as 64 bytes (or the reverse) and submit the same authorization a second time. No cryptographic work is required; the input is public data from the original transaction. This is a different malleability from the classic secp256k1 high-`s` variant, which the library already blocks by requiring `s` to lie in the lower half of the curve order. Contracts that mark the signed message hash, or a nonce contained in the signed data, as consumed are not affected, and neither are callers of the overloads that take `r, v, s` or `r, vs` as separate arguments, because those callers fix the encoding themselves.

The fix in 4.7.3 removes the 64-byte branch from the `bytes` overloads, so they accept only the 65-byte encoding; compact signatures remain usable through the separate `r, vs` overload. No exploits in the wild have been reported. The weakness is catalogued as CWE-354 (Improper Validation of Integrity Check Value), reflecting that the signature bytes were being used as an identity check for something they do not uniquely identify.

Potential Impact

For European organizations running DeFi protocols, token contracts, or other Ethereum and EVM-compatible applications built on OpenZeppelin Contracts, the vulnerability is a replay risk. Any contract that accepts an off-chain signature (permits, meta-transaction relays, signed withdrawals or claims, delegated admin actions) and prevents reuse by recording the signature bytes can be made to execute the authorized action twice: once with the original signature and again with its re-encoded twin. Depending on the contract, that means duplicated transfers or withdrawals, an allowance spent twice, or a privileged function re-run, with direct financial loss, reputational damage, and regulatory scrutiny as the likely consequences for financial services, supply chain and identity use cases. Confidentiality is not affected; the impact is on integrity, and on availability only indirectly, where a replayed withdrawal drains funds or exhausts an allowance that legitimate users depended on. Two points sharpen the assessment. First, no exploit tooling is needed: converting a 65-byte signature to its 64-byte form is a trivial transformation of data already visible in the original transaction, so the absence of reported in-the-wild exploitation should not be read as a high bar to attack. Second, deployed contracts are immutable unless they sit behind an upgradeable proxy, so the patched library only protects new deployments; the exposure of an existing contract depends entirely on whether its replay protection is keyed on the signature rather than on the message or a nonce.

Mitigation Recommendations

1. Upgrade all OpenZeppelin Contracts dependencies to 4.7.3 or later before any new deployment; for contracts behind an upgradeable proxy, ship a new implementation built against the patched library. Already deployed, non-upgradeable contracts cannot pick up the library fix and must be assessed under item 3.
2. Do not rely on marking signatures as used. Implement replay protection at the message level: include a nonce (and, where appropriate, a deadline and the chain id, as EIP-712 domains do) in the signed data and mark the resulting message hash or the nonce as consumed. Under that design the encoding of the signature is irrelevant.
3. Audit every call to `ECDSA.recover` and `ECDSA.tryRecover` that passes a single `bytes` argument and check what the caller records as consumed. If it records `keccak256(signature)` or the signature bytes themselves, the contract is exposed regardless of library version unless it also rejects one of the two signature lengths.
4. For deployed contracts that cannot be upgraded, a wrapper contract or a relayer-side check that rejects 64-byte (or 65-byte) input only helps if the vulnerable entry point can be restricted to that path; if users can still call the contract directly, plan a pause or migration of the affected function instead.
5. Educate developers on the difference between EIP-2098 compact signatures and the traditional 65-byte format, and on the general rule that a signature's bytes are not a unique identifier for the authorization it represents.
6. Monitor transactions to signature-consuming contracts for the replay pattern: two submissions whose signature arguments differ in length but decode to the same `(r, s, v)`.
7. Engage in regular security audits focusing on cryptographic signature handling and replay protection mechanisms within smart contracts.
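The following added example, written for this page and not OpenZeppelin code (it does not use the library at all), shows the mechanism from the technical analysis and the difference between the two replay-protection designs in recommendation 2. It implements secp256k1 signing and recovery in pure Python so it runs offline, mirrors the length dispatch of the pre-4.7.3 `tryRecover(bytes32, bytes)` overload including the low-s check, re-encodes a 65-byte signature as EIP-2098 compact, and feeds both encodings to a guard keyed on the signature bytes and to one keyed on the signed digest. The private key, message digest and nonce derivation are constructed for the demo (a real signer uses RFC 6979 and a keccak256/EIP-712 digest), and the names `parse_signature`, `recover`, `ReplayGuard`, `demo` and the `accept_compact` flag are this example's own; `accept_compact` is a way of contrasting pre- and post-4.7.3 behaviour, not a library parameter.

```python
# Added example for CVE-2022-35961 (not OpenZeppelin code): one ECDSA signature has two
# valid byte encodings, so replay protection keyed on the signature bytes can be bypassed.
import hashlib

P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F   # secp256k1 field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141   # secp256k1 group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
N_HALF = N // 2  # OpenZeppelin rejects s > N_HALF (the classic high-s malleability)

def _add(p1, p2):  # affine point addition on secp256k1; None is the point at infinity
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    lam = (3 * x1 * x1 * pow(2 * y1, -1, P) if x1 == x2
           else (y2 - y1) * pow((x2 - x1) % P, -1, P)) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def _mul(k, pt):  # double-and-add scalar multiplication
    acc = None
    while k:
        if k & 1:
            acc = _add(acc, pt)
        pt, k = _add(pt, pt), k >> 1
    return acc

def sign(digest: bytes, priv: int) -> bytes:
    """65-byte r || s || v signature with low-s, as Ethereum wallets emit.
    The nonce k is a plain hash of key and digest (demo only; real signers use RFC 6979)."""
    z = int.from_bytes(digest, "big") % N
    k = int.from_bytes(hashlib.sha3_256(priv.to_bytes(32, "big") + digest).digest(), "big") % (N - 1) + 1
    rx, ry = _mul(k, G)
    r, parity = rx % N, ry & 1
    s = pow(k, -1, N) * (z + r * priv) % N
    if s > N_HALF:  # normalise to low-s; negating s negates R, which flips the parity of R.y
        s, parity = N - s, parity ^ 1
    return r.to_bytes(32, "big") + s.to_bytes(32, "big") + bytes([27 + parity])

def parse_signature(sig: bytes, accept_compact: bool = True):
    """Length dispatch of ECDSA.tryRecover(bytes32, bytes) before 4.7.3: 65-byte r||s||v or
    64-byte EIP-2098 r||vs (parity in the top bit of vs). accept_compact=False mirrors 4.7.3."""
    r = int.from_bytes(sig[:32], "big")
    if len(sig) == 65:
        s, v = int.from_bytes(sig[32:64], "big"), sig[64]
    elif len(sig) == 64 and accept_compact:
        vs = int.from_bytes(sig[32:], "big")
        s, v = vs & ((1 << 255) - 1), 27 + (vs >> 255)
    else:
        raise ValueError("invalid signature length")
    if s > N_HALF:
        raise ValueError("invalid signature 's' value")
    return r, s, v

def to_compact(sig65: bytes) -> bytes:  # same (r, s, v), different bytes
    r, s, v = parse_signature(sig65)
    return r.to_bytes(32, "big") + (((v - 27) << 255) | s).to_bytes(32, "big")

def recover(digest: bytes, sig: bytes, accept_compact: bool = True):
    """ecrecover: rebuild R from (r, parity) and return Q = r^-1 * (s*R - z*G). Assumes r < N."""
    r, s, v = parse_signature(sig, accept_compact)
    z = int.from_bytes(digest, "big") % N
    y = pow((r * r * r + 7) % P, (P + 1) // 4, P)  # P = 3 mod 4, so this is a square root
    if (y & 1) != v - 27:
        y = P - y
    return _mul(pow(r, -1, N), _add(_mul(s, (r, y)), _mul((N - z) % N, G)))

class ReplayGuard:
    """key="signature": the pattern the advisory warns about. key="digest": the hardened one."""
    def __init__(self, signer, key: str):
        self.signer, self.key, self.used = signer, key, set()
    def submit(self, digest: bytes, sig: bytes) -> bool:
        mark = sig if self.key == "signature" else digest
        if mark in self.used or recover(digest, sig) != self.signer:
            return False
        self.used.add(mark)
        return True

def demo() -> dict:  # sign once, resubmit in the other encoding against both guards
    priv = int.from_bytes(hashlib.sha3_256(b"constructed demo key").digest(), "big") % (N - 1) + 1
    signer = _mul(priv, G)
    digest = hashlib.sha3_256(b"withdraw(100, nonce=1)").digest()  # stand-in for a keccak256/EIP-712 digest
    sig65 = sign(digest, priv)
    sig64 = to_compact(sig65)
    weak, strong = ReplayGuard(signer, "signature"), ReplayGuard(signer, "digest")
    try:
        recover(digest, sig64, accept_compact=False); patched_rejects = False
    except ValueError:
        patched_rejects = True
    return {
        "same_signer": recover(digest, sig65) == recover(digest, sig64) == signer,
        "weak_first": weak.submit(digest, sig65),
        "weak_replay_compact": weak.submit(digest, sig64),  # True: the guard was bypassed
        "strong_first": strong.submit(digest, sig65),
        "strong_replay_compact": strong.submit(digest, sig64),
        "patched_rejects_compact": patched_rejects,
    }
```

Running `demo()` yields `weak_replay_compact` True (the re-encoded signature passes the signature-keyed guard) and `strong_replay_compact` False, with `patched_rejects_compact` True because the 4.7.3 dispatch refuses 64-byte input. The same `parse_signature` normalization is what a monitoring rule needs: two submissions to one contract that decode to the same `(r, s, v)` under different lengths are the replay pattern from recommendation 6.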

Technical Details

Data Version
5.1
Assigner Short Name
GitHub_M
Date Reserved
2022-07-15T00:00:00.000Z
Cisa Enriched
true

Threat ID: 682d9844c4522896dcbf3b59

Added to database: 5/21/2025, 9:09:24 AM

Last enriched: 6/22/2025, 11:50:16 PM

Last updated: 8/14/2025, 6:06:08 PM