Fix: ETH verify_signature fails on checksummed addresses

src/aleph/sdk/chains/ethereum.py

@@ -54,7 +54,7 @@ def verify_signature(
     Verifies a signature.
     Args:
         signature: The signature to verify. Can be a hex encoded string or bytes.
-        public_key: The sender's public key to use for verification. Can be a checksummed, hex encoded string or bytes.
+        public_key: The sender's public key to use for verification. Can be a checksum, hex encoded string or bytes.
         message: The message to verify. Can be an utf-8 string or bytes.
     Raises:
         BadSignatureError: If the signature is invalid.
@@ -75,7 +75,7 @@ def verify_signature(
     message_hash = encode_defunct(text=message)
     try:
         address = Account.recover_message(message_hash, signature=signature)
-        if address != public_key:
+        if address.casefold() != public_key.casefold():
             raise BadSignatureError
     except (EthBadSignatureError, BadSignatureError) as e:
         raise BadSignatureError from e

tests/unit/test_chain_ethereum.py

@@ -63,6 +63,23 @@ async def test_verify_signature(ethereum_account):
         message["signature"], message["sender"], get_verification_buffer(message)
     )
 
+    # cover all branching options
+    verify_signature(
+        message["signature"][2:],
+        message["sender"],
+        get_verification_buffer(message),
+    )
+    verify_signature(
+        bytes(message["signature"], "utf-8"),
+        bytes.fromhex(message["sender"][2:]),
+        get_verification_buffer(message).decode("utf-8"),
+    )
+    verify_signature(
+        bytes(message["signature"], "utf-8")[2:],
+        message["sender"],
+        get_verification_buffer(message),
+    )
+
 
 @pytest.mark.asyncio
 async def test_verify_signature_with_forged_signature(ethereum_account):
@@ -98,3 +115,26 @@ async def test_decrypt_secp256k1(ethereum_account):
     decrypted = await account.decrypt(encrypted)
     assert type(decrypted) == bytes
     assert content == decrypted
+
+
+@pytest.mark.asyncio
+async def test_verify_signature_wrong_public_key(ethereum_account):
+    account = ethereum_account
+
+    message = asdict(
+        Message(
+            "ETH",
+            account.get_address(),
+            "POST",
+            "SomeHash",
+        )
+    )
+
+    await account.sign_message(message)
+    assert message["signature"]
+
+    wrong_public_key: str = "0x" + "0" * 130
+    with pytest.raises(BadSignatureError):
+        verify_signature(
+            message["signature"], wrong_public_key, get_verification_buffer(message)
+        )

tests/unit/test_chain_solana.py

@@ -60,6 +60,10 @@ async def test_SOLAccount(solana_account):
     assert verif == verification_buffer
     assert message["sender"] == signature["publicKey"]
 
+    pubkey = solana_account.get_public_key()
+    assert type(pubkey) == str
+    assert len(pubkey) == 64
+
 
 @pytest.mark.asyncio
 async def test_decrypt_curve25516(solana_account):
@@ -90,6 +94,13 @@ async def test_verify_signature(solana_account):
 
     verify_signature(raw_signature, message["sender"], get_verification_buffer(message))
 
+    # as bytes
+    verify_signature(
+        base58.b58decode(raw_signature),
+        base58.b58decode(message["sender"]),
+        get_verification_buffer(message).decode("utf-8"),
+    )
+
 
 @pytest.mark.asyncio
 async def test_verify_signature_with_forged_signature(solana_account):