Missing checks in ECDSA verification

This ECDSA verification code does not do any of the sanity checks required (see e.g. https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm#Signature_verification_algorithm):

threshold-signatures/src/ecdsa/mod.rs

Lines 271 to 286 in 8e255a5

    
               pub fn verify(&self, pubkey: &GE, message: &MessageHashType) -> bool { 
        
                   let g: GE = ECPoint::generator(); 
        
                   let s_invert = self.s.invert(); 
        
                   let u1 = (*message) * s_invert; 
        
                   let u2 = self.r * s_invert; 
        
                   self.r 
        
                       == ECScalar::from( 
        
                           &(g * u1 + pubkey * &u2) 
        
                               .x_coor() 
        
                               .unwrap() 
        
                               .mod_floor(&FE::q()), 
        
                       ) 
        
               } 
        
           }

Probably not a big risk for the lib though.

It is obvious that values s and r must be checked whether they are elements of Z_q. However, note that both values are of type curv::Secp256k1Scalar, where constructing a value from BigInt source applies mod q operation:
https://github.com/ZenGo-X/curv/blob/master/src/elliptic/curves/secp256_k1.rs#L120

Yeah these are field elements. Was thinking of the pubkey validation and point identity check during verification.

	pub fn verify(&self, pubkey: &GE, message: &MessageHashType) -> bool {
	let g: GE = ECPoint::generator();

	let s_invert = self.s.invert();
	let u1 = (message) s_invert;
	let u2 = self.r * s_invert;

	self.r
	== ECScalar::from(
	&(g * u1 + pubkey * &u2)
	.x_coor()
	.unwrap()
	.mod_floor(&FE::q()),
	)
	}
	}