From 42f3301730d5e364cfea91e915fbbd21f1c1f923 Mon Sep 17 00:00:00 2001
From: wborgeaud <williamborgeaud@gmail.com>
Date: Thu, 25 May 2023 14:15:48 +0200
Subject: [PATCH] Fix ecrecover edge case (#1057)

---
 evm/src/cpu/kernel/asm/curve/secp256k1/ecrecover.asm | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/evm/src/cpu/kernel/asm/curve/secp256k1/ecrecover.asm b/evm/src/cpu/kernel/asm/curve/secp256k1/ecrecover.asm
index 951ca97c..c84536d8 100644
--- a/evm/src/cpu/kernel/asm/curve/secp256k1/ecrecover.asm
+++ b/evm/src/cpu/kernel/asm/curve/secp256k1/ecrecover.asm
@@ -100,9 +100,15 @@ ecdsa_after_precompute_loop_contd2:
     %stack (accx, accy, i, a0, a1, b0, b1, retdest) -> (i, accx, accy, a0, a1, b0, b1, retdest)
     %decrement %jump(ecdsa_after_precompute_loop)
 ecdsa_after_precompute_loop_end:
+    // Check that the public key is not the point at infinity. See https://github.com/ethereum/eth-keys/pull/76 for discussion.
+    DUP2 DUP2 ISZERO SWAP1 ISZERO MUL %jumpi(pk_is_infinity)
     %stack (accx, accy, ecdsa_after_precompute_loop_contd2, i, a0, a1, b0, b1, retdest) -> (retdest, accx, accy)
     JUMP
 
+pk_is_infinity:
+    %stack (accx, accy, ecdsa_after_precompute_loop_contd2, i, a0, a1, b0, b1, pubkey_to_addr, retdest) -> (retdest, @U256_MAX)
+    JUMP
+
 // Take a public key (PKx, PKy) and return the associated address KECCAK256(PKx || PKy)[-20:].
 pubkey_to_addr:
     // stack: PKx, PKy, retdest