Intent-Code Divergence
Medium
- Confidence
- 99% confidence
- Finding
- This is a true vulnerability: the function claims to verify a cryptographic signature but actually accepts any non-empty string. In an escrow-by-invariants system, that lets an attacker satisfy a supposedly strong verification criterion with forged data, potentially causing unauthorized task acceptance or payment release.
