mirror
/
openzeppelin-contracts
mirror of https://github.com/OpenZeppelin/openzeppelin-contracts
2
1
Fork 1
Code Issues Releases Wiki Activity

Avoid validating ECDSA signatures for addresses with code in SignatureChecker (#4951)

Browse Source 
Co-authored-by: ernestognw <ernestognw@gmail.com>
pull/4960/head
Hadrien Croubois 11 months ago committed by GitHub
parent 6b4ec6c6c6
commit 33ea1111b0
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 11 additions and 4 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 5
      .changeset/yellow-moles-hammer.md
  2. 10
      contracts/utils/cryptography/SignatureChecker.sol

5
.changeset/yellow-moles-hammer.md
Unescape View File

@ -0,0 +1,5 @@
---
'openzeppelin-solidity': minor
---
`SignatureChecker`: refactor `isValidSignatureNow` to avoid validating ECDSA signatures if there is code deployed at the signer's address.

10
contracts/utils/cryptography/SignatureChecker.sol
Unescape View File

@ -20,10 +20,12 @@ library SignatureChecker {
* change through time. It could return true at block N and false at block N+1 (or the opposite).
*/
function isValidSignatureNow(address signer, bytes32 hash, bytes memory signature) internal view returns (bool) {
(address recovered, ECDSA.RecoverError error, ) = ECDSA.tryRecover(hash, signature);
return
(error == ECDSA.RecoverError.NoError && recovered == signer) ||
isValidERC1271SignatureNow(signer, hash, signature);
if (signer.code.length == 0) {
(address recovered, ECDSA.RecoverError err, ) = ECDSA.tryRecover(hash, signature);
return err == ECDSA.RecoverError.NoError && recovered == signer;
} else {
return isValidERC1271SignatureNow(signer, hash, signature);
}
}
/**

Write Preview
Loading…
Cancel
Save