Zodiac released a security incident report, stating that the ERC-1271 verification flaw had previously allowed attackers to bypass module authentication
The Zodiac team released a security incident analysis report regarding the impact on the Zodiac Roles Modifier, disclosing that the root cause of the vulnerability lies in a flaw in the ERC-1271 transaction signature verification logic: the system only determines the validity of the signature based on the returned "magic value" without verifying whether the call itself was successful, which may disguise a failed verification as a valid signature, bypassing the module authentication mechanism.
