Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use order schema hash in signature verification for EIP712 compatibility #17

Closed
abandeali1 opened this issue Dec 19, 2017 · 1 comment
Closed

Use order schema hash in signature verification for EIP712 compatibility #17

abandeali1 opened this issue Dec 19, 2017 · 1 comment
Labels
enhancement exchange v2

Comments

@abandeali1
Copy link
Member

abandeali1 commented Dec 19, 2017
edited by fabioberger
Loading

Summary

EIP712 describes a standard for human-readable typed data signing. This would allow the signer of a 0x order to see the exact parameters that they are signing with tools such as Metamask. In order to be compatible with this EIP, we must update how signatures are validated in the Exchange contract.

Motivation

Currently, it is very difficult for a user of 0x to verify that the order that they are signing is exactly what they intended to sign. This adds an extra level of trust between users and relayers, potentially opening users up to scams. Open source tools exist for verifying orders, but they require users to take extra steps, are more difficult to understand, and are unlikely to gain the same level of traction as functionality that is built into the user's wallet.

Implementation

Currently, signatures are verified with:

return signer == ecrecover(
    keccak256("\x19Ethereum Signed Message:\n32", hash),
    v,
    r,
    s
);

Instead, we first calculate the hash of the order's schema:

bytes32 public constant orderSchemaHash = keccak256(
    "address exchangeContractAddress",
    "address makerAddress",
    "address takerAddress",
    "address makerTokenAddress",
    "address takerTokenAddress",
    "address feeRecipientAddress",
    "uint256 makerTokenAmount",
    "uint256 takerTokenAmount",
    "uint256 makerFeeAmount",
    "uint256 takerFeeAmount",
    "uint256 expirationTimestamp",
    "uint256 salt"
);

We then can verify signatures with:

return signer == ecrecover(
    keccak256(orderSchemaHash, orderHash),
    v,
    r,
    s
);
@fabioberger fabioberger changed the title Use order schema hash in signature verification for EIP721 compatibility Use order schema hash in signature verification for EIP712 compatibility Dec 26, 2017
@abandeali1 abandeali1 added the v2 label Jan 18, 2018
@AntonioJuliano AntonioJuliano mentioned this issue Jan 24, 2018
Closed
@recmo
Copy link

recmo commented Feb 13, 2018
edited
Loading

In addition to the above verification, we can also implement the following verification:

bytes32 messageHash = keccak256(orderSchemaHash, orderHash);

return signer == ecrecover(
    keccak256("\x19Ethereum Signed Message:\n32", messageHash),
    v,
    r,
    s
);

The advantage is that we now have one message hash that can be signed either directly (EIP712) or through the old eth_sign.

@vietlq vietlq mentioned this issue Aug 14, 2018
Open
@brentoshiro brentoshiro mentioned this issue Sep 24, 2019
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement exchange v2
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@recmo @abandeali1