Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: [spearbit-54] use salt in eip-712 domain separator #38

Merged
merged 3 commits into from
Jan 6, 2024
Merged

fix: [spearbit-54] use salt in eip-712 domain separator #38

merged 3 commits into from
Jan 6, 2024

Conversation

fangting-alchemy
Copy link
Collaborator

jaypaik
jaypaik approved these changes Jan 5, 2024
View reviewed changes
Copy link
Collaborator

@jaypaik jaypaik left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome, thanks for removing the EIP712 dependency!

Thoughts on adding in another minor fix to the plugin within isValidSignature? Would love to optimize this:

-bytes memory messageData = encodeMessageData(msg.sender, abi.encode(digest));
-bytes32 messageHash = keccak256(messageData);
+bytes32 messageHash = getMessageHash(msg.sender, abi.encode(digest));

Not sure if there's a more appropriate issue to file this under.

src/plugins/owner/MultiOwnerPlugin.sol Outdated Show resolved Hide resolved
@fangting-alchemy fangting-alchemy merged commit 662445a into audit-2023-11-20 Jan 6, 2024
3 checks passed
@fangting-alchemy fangting-alchemy deleted the ft_fix_54 branch January 6, 2024 05:22
gpersoon
gpersoon reviewed Jan 8, 2024
View reviewed changes
src/plugins/owner/MultiOwnerPlugin.sol
@@ -134,8 +140,7 @@ contract MultiOwnerPlugin is BasePlugin, IMultiOwnerPlugin, IERC1271, EIP712 {
/// an "Ethereum Signed Message" envelope before checking the signature in
/// the EOA-owner case.
function isValidSignature(bytes32 digest, bytes memory signature) public view override returns (bytes4) {
bytes memory messageData = encodeMessageData(msg.sender, abi.encode(digest));
bytes32 messageHash = keccak256(messageData);
bytes32 messageHash = getMessageHash(msg.sender, abi.encode(digest));
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

doublecheck: this is one keccak256() less than the previous version of the code, is this as intended?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Definitely not. They should be the same.

Previously:

bytes32 messageHash 
    = keccak256(messageData)
    = keccak256(encodeMessageData(msg.sender, abi.encode(digest)))

After change:

bytes32 messageHash 
    = getMessageHash(msg.sender, abi.encode(digest))
    = keccak256(encodeMessageData(msg.sender, abi.encode(digest)))

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks good after all

jaypaik pushed a commit that referenced this pull request Jan 25, 2024
@fangting-alchemy @jaypaik
fix: [spearbit-54] use salt in eip-712 domain separator (#38)
164cd69
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gpersoon gpersoon gpersoon left review comments

@jaypaik jaypaik jaypaik approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@fangting-alchemy @gpersoon @jaypaik