From 20dce459b198144435b7a3c417f50ab376d68940 Mon Sep 17 00:00:00 2001
From: Hadrien Croubois
Date: Tue, 12 Mar 2024 17:11:07 +0100
Subject: [PATCH 1/2] Make SignatureChecker EIP-7377 safe
---
 .changeset/yellow-moles-hammer.md | 5 +++++
 contracts/utils/cryptography/SignatureChecker.sol | 10 ++++++----
 2 files changed, 11 insertions(+), 4 deletions(-)
 create mode 100644 .changeset/yellow-moles-hammer.md
diff --git a/.changeset/yellow-moles-hammer.md b/.changeset/yellow-moles-hammer.md
new file mode 100644
index 00000000000..b3e119ef4da
--- /dev/null
+++ b/.changeset/yellow-moles-hammer.md
@@ -0,0 +1,5 @@
+---
+'openzeppelin-solidity': minor
+---
+
+`SignatureChecker`: refactor `isValidSignatureNow` to make it safe if EIP-7377 (or similar) is ever implemented.
diff --git a/contracts/utils/cryptography/SignatureChecker.sol b/contracts/utils/cryptography/SignatureChecker.sol
index 7eb0fea907b..9aaa2e0716c 100644
--- a/contracts/utils/cryptography/SignatureChecker.sol
+++ b/contracts/utils/cryptography/SignatureChecker.sol
@@ -20,10 +20,12 @@ library SignatureChecker {
 * change through time. It could return true at block N and false at block N+1 (or the opposite).
 */
 function isValidSignatureNow(address signer, bytes32 hash, bytes memory signature) internal view returns (bool) {
- (address recovered, ECDSA.RecoverError error, ) = ECDSA.tryRecover(hash, signature);
- return
- (error == ECDSA.RecoverError.NoError && recovered == signer) ||
- isValidERC1271SignatureNow(signer, hash, signature);
+ if (signer.code.length == 0) {
+ (address recovered, ECDSA.RecoverError err, ) = ECDSA.tryRecover(hash, signature);
+ return err == ECDSA.RecoverError.NoError && recovered == signer;
+ } else {
+ return isValidERC1271SignatureNow(signer, hash, signature);
+ }
 }

 /**
From 737494537c8eae4e8c4617ce554daa3fc78be27f Mon Sep 17 00:00:00 2001
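Review bot: The new branch on `signer.code.length == 0` in `isValidSignatureNow` changes which signatures are accepted, but nothing in the hunk documents the rule. An address with code is now validated only through ERC-1271, so an ECDSA signature that recovers to `signer` is rejected once code exists there, while an address without code at call time (for example a contract that is not deployed yet) is checked as ECDSA only. The NatSpec above the function begins outside the hunk and its visible tail covers revocability but not this dispatch, so I would add `* NOTE: if code is deployed at signer, only ERC-1271 validation is performed; an ECDSA signature recovering to signer is not accepted.` The diffstat lists only the changeset and this file, so a test pinning the case "signer has code, ECDSA recovers to signer, ERC-1271 rejects, result is false" appears to be missing from the patch.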
From: ernestognw
Date: Thu, 14 Mar 2024 15:24:16 +0000
Subject: [PATCH 2/2] Update changeset
---
 .changeset/yellow-moles-hammer.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.changeset/yellow-moles-hammer.md b/.changeset/yellow-moles-hammer.md
index b3e119ef4da..b13971a28a9 100644
--- a/.changeset/yellow-moles-hammer.md
+++ b/.changeset/yellow-moles-hammer.md
@@ -2,4 +2,4 @@
 'openzeppelin-solidity': minor
 ---

-`SignatureChecker`: refactor `isValidSignatureNow` to make it safe if EIP-7377 (or similar) is ever implemented.
+`SignatureChecker`: refactor `isValidSignatureNow` to avoid validating ECDSA signatures if there is code deployed at the signer's address.