Description
An issue was discovered in Decentralized Anonymous Payment System (DAPS) through 2019-08-26. The content to be signed is composed of a representation of strings, rather than being composed of their binary representations. This is a weak signature scheme design that would allow the reuse of signatures in some cases (or even the reuse of signatures, intended for one type of message, for another type). This also affects Private Instant Verified Transactions (PIVX) through 3.4.0.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://officialdapscoin.com/wp-content/uploads/2019/09/DAPS-Coin-Final-Security-Audit-Red4Sec-2019.pdf
Scores
CVSS v3
7.5
EPSS
0.0074
EPSS Percentile
49.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-347
Status
published
Products (2)
decentralized_anonymous_payment_system_project/decentralized_anonymous_payment_system
< 2019-08-26
pivx/private_instant_verified_transactions
< 3.4.0
Published
Dec 04, 2019
Tracked Since
Feb 18, 2026