Fix: Signature verify when create wallet (not using RELAY) #178
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Tests (BIG Disclaimer!!!)
Context
When using the SmartWalletFactory contract without using the relay, directly from an EOA, the function "createUserSmartWallet" is called. This function checks if the signature belongs to the owner of the wallet and that the message signed is:
hash(<owner> + <recoverer> + <index>)
.Issue
Using Metamask/Nifty wallets at the moment of signing the message, a prefix is added so the final message would be:
"\x19Ethereum Signed Message:\n" + msg.length + hash(<owner> + <recoverer> + <index>)
.This is due to
eth_sign
is deprecated by those wallets:Solution
So, in order to be compatible with this behaviour is that in this PR the verification of the signature (only in the case of direct deploy, without use of the RELAY mechanism) has been changed to the following:
hash(<verifier_address> + <owner> + <recoverer> + <index>)
presonal_sign
function (which prepends"\x19Ethereum Signed Message:\n" + msg.length
)."\x19Ethereum Signed Message:\n" + msg.length + hash(<verifier_address>+<owner> + <recoverer> + <index>)
hash(msg).recover(signature)