-
Notifications
You must be signed in to change notification settings - Fork 680
Inconsistent behavior of web3.eth.sign between ganache-cli and hdwallet-provider #972
Comments
Hey @fedgiac, apologies for the slight delay! We think this might be a dupe of #556 and is fixed as part of ganache@7.0.0-alpha.0. Let us know if this resolves this. |
Hi Kevin, I tried to run the steps to reproduce the issue and found that while Ganache behaves differently from version six, this time the final byte is replaced by two bytes (
|
@fedgiac Note: starting ganache with a chainId that matches any other chain effectively removes the replay protection provided by EIP-155. So if you do this make absolutely sure you never use a real account/mnemonic with ganache (you shouldn't do this already... but now you REALLY shouldn't!)! Let me know if this clears things up for you so I can close this issue or continue investigating. |
As far as I know message signatures do not depend on the chain id like it is the case for Ganache. In particular, Note that here we are talking about message signing and not transaction signing, so even if likely related the issue that was just linked to this is different. |
Oh wow, I believe your are correct. Well get this fixed asap (which will be next week)! |
Hello it seems that the problem is here again, I have signatures ending with 01 instead of 1c using eth_sign calls, the problem seems to be coming from the 7.7.3 and up version (maybe even from 7.7.0) |
Expected Behavior
The output of
web3.eth.sign
should be consistent when using different Ethereum clients, including Ganache.Current Behavior
The output of
web3.eth.sign
when using Ganache is different from that of other Ethereum client implementations in that the last byte of the signature (v
) is either00
or01
, while in other implementations it's1b
or1c
. Notably, the behavior ofweb3.eth.sign
when only using Ganache is inconsistent with that of@truffle/hdwallet-provider
.Note that this inconsistency is not limited to Truffle projects.
eth_sign
is1b
(Ganache would return00
instead). The behavior was apparently different in previous versions of this documentation (source).web3.eth.sign
is00
/01
.eth_sign
in Parity/OpenEthereum returns1b
/1c
, as well as callingweb3.eth.sign
with Truffle using Parity/OpenEthereum as its client.eth_sign
in Geth returns1b
/1c
.Possible Solution
Ganache and
@truffle/hdwallet-provider
should settle on a single standard output ofweb3.eth.sign
.I would recommend changing Ganache's behavior so that the final byte of an RPC call to
eth_sign
is1b
or1c
for consistency with Geth and Parity/OpenEthereum. This change would modify the last byte returned byweb3.eth.sign
accordingly, since it's just a wrapper aroundeth_sign
.Steps to Reproduce
Install
truffle
,ganache-cli
,@truffle/hdwallet-provider
.Run
ganache-cli --mnemonic="shove shoulder neutral steak day correct neither girl alcohol modify bacon fee"
Create a new Truffle project with the following network configuration:
Create Truffle script
script.js
with the following content:Test the script on both networks:
Observe that the final bytes differs (
00
vs.1b
).Context
This issue was found out while debugging an inconsistent behavior between production and testing in a script relying on
web3.eth.sign
, see this PR for details.Your Environment
Truffle v5.1.27 (core: 5.1.27)
Solidity v0.5.16 (solc-js)
Node v12.16.3
Web3.js v1.2.1
Ganache-cli 6.9.1
@truffle/hdwallet-provider 1.0.35
If the changes I propose in this issue were greenlighted, I'd try to submit a PR implementing them.
The text was updated successfully, but these errors were encountered: