-
Notifications
You must be signed in to change notification settings - Fork 11.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add tooling to verify signatures with support for ERC1271 #2532
Conversation
69524f0
to
a8011dc
Compare
a8011dc
to
160fd2e
Compare
dd12291
to
156ce66
Compare
SignatureChecker is a library for seamless verification of signature with support for both EOA (ECDSA) and smart contract wallets (ERC1271)
156ce66
to
9a2b018
Compare
return false; | ||
} | ||
} else { | ||
return ECDSA.recover(hash, signature) == signer; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
From our recommendation in ECDSA
:
openzeppelin-contracts/contracts/utils/cryptography/ECDSA.sol
Lines 20 to 24 in 5ecd2b8
* IMPORTANT: `hash` _must_ be the result of a hash operation for the | |
* verification to be secure: it is possible to craft signatures that | |
* recover to arbitrary addresses for non-hashed data. A safe way to ensure | |
* this is by receiving a hash of the original message (which may otherwise | |
* be too long), and then calling {toEthSignedMessageHash} on it. |
We should be providing some other link in the docs, but there is more info in this article.
So, is this function really safe? Isn't it vulnerable to crafting signature
and hash
values that will recover to the signer
but which do not correspond to a real ECDSA signature?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So, is this function really safe? Isn't it vulnerable to crafting signature and hash values that will recover to the signer but which do not correspond to a real ECDSA signature?
Our own ECDSA.recover doesn't enforce that. You can technically use it to recover a hash that was not properly formated. The same goes for a smart wallet 1271 implementation (the code in isValidSignature
). In both cases, we cannot do anything about it (the hash might be 191, or 712, or anything not yet standardized. The best we can do is adding the warning you mentioned in the interface for 1271.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok, for some reason I thought this API was more vulnerable to misuse, but now that I'm looking at it again it I can see that it's the same.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM!
SignatureChecker is a library for seamless verification of signatures with support for both EOA (ECDSA) and smart contract wallets (ERC1271).
While still being a draft, this ERC is supported by smart contract wallets such as Argent.
I believe this feature could greatly improve the compatibility of dapps that relies on message signatures with such wallets. In particular since Argent is now able to sign messages (including ERC721 typedData) through WalletConnect.
Continuation of #2459
FIxes #2535
PR Checklist