[L-06] Direct usage of ecrecover allows signature malleability

[madMax92221]

The getSender function of SalesPolicy.sol calls the Solidity ecrecover function directly to verify the given signatures. However, the ecrecover EVM opcode allows malleable (non-unique) signatures and thus is susceptible to replay attacks.

SWC-117: Signature Malleability

Use the recover function from OpenZeppelin's ECDSA library for signature verification.

[wankhede04]

fixed at commit 6ef5bc7