Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use >=32 instead of ==32 in SignatureChecker for return data length check #4035

Closed
pcaversaccio opened this issue Feb 7, 2023 · 11 comments · Fixed by #4038
Closed

Use >=32 instead of ==32 in SignatureChecker for return data length check #4035

pcaversaccio opened this issue Feb 7, 2023 · 11 comments · Fixed by #4038
Labels
good first issue Low hanging fruit for new contributors to get involved!

Comments

@pcaversaccio
Copy link
Contributor

In the ERC4626 function _tryGetAssetDecimals you use the following pattern with respect to the return data length check:

if (success && encodedDecimals.length >= 32) {
    uint256 returnedDecimals = abi.decode(encodedDecimals, (uint256));
    if (returnedDecimals <= type(uint8).max) {
        return (true, uint8(returnedDecimals));
    }
}

In the function isValidSignatureNow you use result.length == 32 instead for the return data length check. I think it would make sense due to consistency to also use result.length >= 32 in that case. FYI, I already discussed this issue with @frangio over Discord.
@pcaversaccio pcaversaccio changed the title Use >=32 instead of ==32 in SignatureChecker Use >=32 instead of ==32 in SignatureChecker for return data length check Feb 7, 2023
@Amxx Amxx added the good first issue Low hanging fruit for new contributors to get involved! label Feb 8, 2023
@HarshitSharma007
Copy link
Contributor

@pcaversaccio can you please assign this issue to me.

@pcaversaccio
Copy link
Contributor Author

I'm not part of the OZ team :-D. Cc: @Amxx

@frangio
Copy link
Contributor

frangio commented Feb 9, 2023

@HarshitSharma007 Feel free to submit a PR.

@HarshitSharma007 HarshitSharma007 mentioned this issue Feb 9, 2023
Merged
3 tasks
@Amxx
Copy link
Collaborator

Amxx commented Feb 9, 2023

I agree we should have consistency, but I wonder why it should be on >=32 and not on ==32

@frangio
Copy link
Contributor

frangio commented Feb 9, 2023

My reasoning for >= 32 is that abi.decode will accept data that is larger than needed, and we shouldn't make it more restrictive than the "native" Solidity decoding.

@Gua00va

This comment was marked as spam.

Sign in to view
@Eren-Yeaager
Copy link

Can you please assign this issue to me??

@pcaversaccio
Copy link
Contributor Author

@Eren-Yeaager the issue is already resolved (pending merge) via PR: #4038.

@Eren-Yeaager
Copy link

Eren-Yeaager commented Feb 25, 2023 via email

@yvonnezhangc
Copy link

@frangio @pcaversaccio could either of you help provide more context on this change?

ERC1271 specifies that the return value must be the bytes4 magic value 0x1626ba7e. Why is it a good idea to use >= rather than == here?

@pcaversaccio
Copy link
Contributor Author

@frangio @pcaversaccio could either of you help provide more context on this change?

ERC1271 specifies that the return value must be the bytes4 magic value 0x1626ba7e. Why is it a good idea to use >= rather than == here?

See @frangio's argument here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
good first issue Low hanging fruit for new contributors to get involved!
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Allow return data length >= 32 in SignatureChecker HarshitSharma007/openzeppelin-contracts
7 participants
@frangio @Amxx @pcaversaccio @HarshitSharma007 @Eren-Yeaager @Gua00va @yvonnezhangc