F-2026-0026 · redundant-check

Duplicate public key length validation in Bridge::registerKeyPairWithTransfer

Fixed · bridge · cross-chain · key-registry · github.com/pdxwebdev/yadakeyeventwallet
TL;DR

registerKeyPairWithTransfer re-checks publicKey.length even though getAddressFromPublicKey already enforces the same constraint immediately above.

Severity: INFO
Impact: LOW
Likelihood: LOW
Method: Manual review
Complexity: LOW
Exploitability: LOW

Description

In Bridge::registerKeyPairWithTransfer, the public key length is validated more than once. First, the contract calls:

solidity
    address unconfirmedPublicKey =
        getAddressFromPublicKey(ctx.unconfirmed.publicKey);

Inside Bridge::getAddressFromPublicKey, the length is already checked:

solidity
    function getAddressFromPublicKey(bytes memory publicKey)
        public pure returns (address) {
        if (publicKey.length != PUBLIC_KEY_LENGTH) revert InvalidPublicKey();
        // ...
    }

Later in the same function, the code checks the length again:

solidity
    if (ctx.unconfirmed.publicKey.length != PUBLIC_KEY_LENGTH)
        revert InvalidPublicKey();

Since Bridge::getAddressFromPublicKey already reverts if the length is incorrect, these additional length checks are unnecessary and will never catch anything new.

Recommendation

Remove the duplicate length checks and rely on Bridge::getAddressFromPublicKey to handle validation.
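
The before and after shapes of this finding, as an added sketch that is not the audited Bridge code. The value of PUBLIC_KEY_LENGTH, the address derivation standing in for the elided helper body, the DuplicateCheckFired marker error and every function name other than getAddressFromPublicKey are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the audited Bridge contract.
contract DuplicateLengthCheckSketch {
    // Assumed value; the page does not state the real PUBLIC_KEY_LENGTH.
    uint256 public constant PUBLIC_KEY_LENGTH = 64;

    error InvalidPublicKey();
    // Hypothetical marker error: lets a caller tell which check fired.
    error DuplicateCheckFired();

    // Length check as quoted on the page; the derivation below stands in
    // for the body the page elides with "// ...".
    function getAddressFromPublicKey(bytes memory publicKey)
        public pure returns (address)
    {
        if (publicKey.length != PUBLIC_KEY_LENGTH) revert InvalidPublicKey();
        return address(uint160(uint256(keccak256(publicKey))));
    }

    // "Before": second check placed after the helper call, as in the finding.
    function registerBefore(bytes memory publicKey) external pure returns (address) {
        address unconfirmedPublicKey = getAddressFromPublicKey(publicKey);
        if (publicKey.length != PUBLIC_KEY_LENGTH) revert DuplicateCheckFired();
        return unconfirmedPublicKey;
    }

    // "After": the helper is the single point of validation.
    function registerAfter(bytes memory publicKey) external pure returns (address) {
        return getAddressFromPublicKey(publicKey);
    }

    // Returns true when a wrong-length key reverts with InvalidPublicKey
    // from the helper, i.e. the duplicate check was never reached.
    function duplicateIsUnreachable(bytes memory badKey) external view returns (bool) {
        require(badKey.length != PUBLIC_KEY_LENGTH, "pass a wrong-length key");
        try this.registerBefore(badKey) returns (address) {
            return false;
        } catch (bytes memory reason) {
            return bytes4(reason) == InvalidPublicKey.selector;
        }
    }
}
```

For any wrong-length input, duplicateIsUnreachable returns true, and registerBefore and registerAfter return the same address for every valid key, which is why removing the second check changes no observable behaviour.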

Resolution

YadaCoin, Confirmed.

Zealynx, Fixed.

Status: Fixed

© 2026 Zealynx