feat: signatures#96
Conversation
tfius
left a comment
tfius
left a comment
There was a problem hiding this comment.
Did you check eip-712 https://github.com/Mrtenz/eip-712 ?
| ) public pure returns (bytes32 r_, bytes32 s_, uint8 v_) { | ||
| require(sig.length == 65, "invalid signature length"); | ||
|
|
||
| assembly { |
There was a problem hiding this comment.
if you can avoid assembly and send r,s,v directly into recoverSigner, you would simplyfy contract
There was a problem hiding this comment.
but the assemly part sets values for r_, s_ and v_, those are output parameters.
| */ | ||
| return | ||
| keccak256( | ||
| abi.encodePacked("\x19Ethereum Signed Message:\n32", _messageHash) |
There was a problem hiding this comment.
the added prefix string would make it an invalid as transaction
There was a problem hiding this comment.
this is the way how Bee client signs all message
https://github.com/ethersphere/bee/blob/master/pkg/crypto/signer.go#L82-L83
we do not check signed blockchain transactions with this function.
|
I am kinda missing context where is this going to be used ? Will this be used to verify postageStamp signer and only for it ? If you plan to do any multisig kind verification then I have a huntch the replay attack could happen since there is no nonce. |
tfius
left a comment
tfius
left a comment
There was a problem hiding this comment.
if r,s,v can be supplied from outside, i would remove assembly part
|
the postage stamp sig check will be used in the storage incentives. though, it can be a utility function for something else as well in the future.
exactly. how can you have man in the middle attack here? you need the private key from of postage stamp owner to sign the message. |
|
if timestamp would not change, one could cache signature. But since timestampe is changing it acts as a nounce, is always higher then before, then it can not occour. |
2 participants
Added smart contract library
Signature.solthat contains all helper function to signature handling and addedPostageStampSigandSocSigthat shows how to utilize that with the functionality to recover Ethereum address from postage stamp and Single Owner Chunk signatures, respectively.