Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Address recovery broke in 2.2.0 #56

Open
wbobeirne opened this issue Jul 10, 2019 · 4 comments
Open

Address recovery broke in 2.2.0 #56

wbobeirne opened this issue Jul 10, 2019 · 4 comments
Labels
bug

Comments

@wbobeirne
Copy link

Hey there, I'm using eth-sig-util to do some signature validation on my backend. I recently redeployed the same code I had been using in a new project and found it was no longer working. This was because of an upgrade to eth-sig-util. I've gone ahead and created an example test that passes in 2.1.2, but fails in 2.2.0. I've narrowed it down to 0fbac01 as being the commit to break this. The signature and data blob here are from a real project using MetaMask v6.7.2 to do the signature.

test('broken recovery', (t) => {
  t.plan(1);
  const data = {
    "types": {
      "EIP712Domain": [
        {"name": "name", "type": "string"},
        {"name": "version", "type": "string"},
        {"name": "chainId", "type": "uint256"},
        {"name": "verifyingContract", "type": "string"}
      ],
      "authorization": [
        {"name": "userid", "type": "uint256"},
        {"name": "point", "type": "string"}
      ]
    },
    "domain": {
      "name": "test.test",
      "version": "1",
      "chainId": 1,
      "verifyingContract": "0x223c067f8cf28ae173ee5cafea60ca44c335fecb"
    },
    "primaryType": "authorization",
    "message": {
      "userid": 123,
      "point": "~hatteb-tondys"
    }
  };
  const sig = '0xab3b4a19d27b4f2ff9b2669888d1c3fee427b8c9ccabdeb91ef529a760aa593d00717dfa6f02d0ae0556f6c210ab5d5af41130d805d4659437d735172f7172c71c';
  const expectedAddress = '0x529104532a9779ea9Eae0C1e325b3368e0F8add4';

  const recoveredAddress = sigUtil.recoverTypedSignature({ data, sig });
  t.equal(expectedAddress.toLowerCase(), recoveredAddress.toLocaleLowerCase());
});

Is this because of verifyingContract being misinterpreted?
@wbobeirne wbobeirne mentioned this issue Jul 10, 2019
Closed
@wbobeirne
Copy link
Author

OK, I can confirm that this works fine when I generate and recover a signature for the same data blob, minus verifyingContract. So it looks like MetaMask still has this issue when signing data with 0x in front, and it causes this library to recover it incorrectly. I'm guessing this wasn't caught because there are no tests for recoverTypedSignature.

@SwaroopH
Copy link

I ran into this while passing a string with 0x in the front.

@wbobeirne Great job on reproducing and getting to the bottom of the issue! Btw, in your case, verifyingContract should be defined as an address, right? Fortunately, that helped cause the issue, so all good :)

@danfinlay danfinlay mentioned this issue Aug 6, 2019
Merged
@janhesters
Copy link

janhesters commented Dec 5, 2019
edited

Facing the same issue. When I try to recover a signature it fails with: Invalid signature length. Just as in OPs example, my signature is 132 characters, but in ethereumjs-util/dist/index.js.exports.fromRpcSig (index.js:438) the signature is expected to have 65 characters.

@jdowning100
Copy link

I have this issue too. Why is a signature generated by web3 considered invalid, signed by Metamask no less? Guess I'll use a different library.

@Gudahtt Gudahtt added the bug label Jul 20, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@SwaroopH @wbobeirne @Gudahtt @jdowning100 @janhesters