Update EIP-191: Improve Comprehensibility

[YamenMerhi]

What does this PR introduce?

• Updating the example to be more comprehensive + more updated.
• Simplifying the EIP191 Standard, by providing more explanation of the different versions.
  • Re-ordering the text so we start by:
    - The formula for the standard
    - Why we have 0x19
    - What are the different bytes version we have
  • Explicitly mentioning that E is version 0x45and thereum Signed Message:\n" + len(message) is version specific data.

[eth-bot]

Hi! I'm a bot, and I wanted to automerge your PR, but couldn't because of the following issue(s):

---

(fail) eip-191.md

classification
updateEIP

• eip-191.md is in state final at the head commit, not draft or last call or review; an EIP editor needs to approve this change
• This PR requires review from one of [@axic, @SamWilsn, @Pandapip1]
• eip-191.md requires approval from one of (@holiman, @Arachnid)

[YamenMerhi]

I know this is an old standard and missing some sections, I am happy to add them.
Also was wondering if we should mention in a Security Consideration section that it's advised to use 0x00 for any execution based on signature as people could be easily tricked to sign normal 0x45 messages as it's normally used for SIWE and for offchain verification

[holiman]

Looks good to me, aside from one nitpick

[holiman]

LGTM

[SamWilsn]

This is not the minimal change required to fix errata. Since this is a final EIP, we only allow clarifications and correcting errors. The minimal change would likely be just changing the 7 to a 6, unless there's something else I missed.

[YamenMerhi]

I see your point @SamWilsn , I will revert the OZ integration and keep plain ecrecover but what if the example is not clear ? Just for the sake of backwards compatibility we leave it like this ? (Knowing that no one will use this code snippet)

The name of the function IMO is not perfect, the same for the naming of variables, as it's not a TransactionPreSigned or a transactionHash, it's a signed message and hash of a signed message. This whole standard was created to find a standard way to differentiate between signed transactions and signed messages and here the naming is super confusing.

Also the example show how to sign but doesn't give info about what's the possibilities when signing the message. It's just like showing someone a fish hook but not teaching them how to start fishing 😄

I would find a balance between your suggestions and mine like that:

• Reverted the OZ integration
• Made the new logic as a comment just to emphasize on how this signed message could be used
• Made change to the naming of the function and variables

function signatureBasedExecution(address target, uint256 nonce, bytes memory payload, uint8 v, bytes32 r, bytes32 s) public payable {
        
    // Arguments when calculating hash to validate
    // 1: byte(0x19) - the initial 0x19 byte
    // 2: byte(0) - the version byte
    // 3: address(this) - the validator address
    // 4-6 : Application specific data

    bytes32 hash = keccak256(abi.encodePacked(byte(0x19), byte(0), address(this), msg.value, nonce, payload));

    // recovering the signer from the hash and the signature
    addressRecovered = ecrecover(hash, v, r, s);
   
    // logic of the wallet
    // if (addressRecovered == owner) executeOnTarget(target, payload);
}

Please let me know what do you think 😄 🙏

[SamWilsn]

I think you can go ahead and make this change to the PR. This version is a smaller change.

[YamenMerhi]

@SamWilsn @Pandapip1 Applied the changes 👍

[Pandapip1]

On line 39, ERC needs to be changed to EIP. On line 35, the external link needs to be removed.

[YamenMerhi]

@Pandapip1 Done 👍

[Pandapip1]

+1 from me. Will need manual merge.

Changes addressed

[xinbenlv]

Wait, I must be missing something here, are we adding the <0x00> <intended validator address> to the original EIP-191?

[YamenMerhi]

@xinbenlv The version 0x00 was always there in the standard from the start, but it was not explained very well, and that's one of the purposes of the PR

[xinbenlv]

QQ: Should we mention anything about the EIP-712 "domain" besides the "structured data" here?

[YamenMerhi]

@xinbenlv According to @holiman the co-author of the EIP191 standard:

I'd prefer to leave the definition fully to EIP-712. So simply say:
The version 0x01 is for structured data as defined in EIP-712