
fix: eth_sign is signing arbitrary data
XuNeal committed Mar 18, 2024
1 parent 592caf3 commit 5309dbd
Showing 2 changed files with 40 additions and 32 deletions.
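--- a/token-core/tcx-eth/src/signer.rs
+++ b/token-core/tcx-eth/src/signer.rs
@@ -112,7 +112,11 @@ impl EthMessageInput {
 if self.signature_type == SignatureType::PersonalSign as i32 {
 Ok(hash_message(&message))
 } else {
-Ok(keccak256(&message))
+// Note: ec sign is signing arbitrary data
+// ref: https://support.metamask.io/hc/en-us/articles/14764161421467-What-is-eth-sign-and-why-is-it-a-risk
+let mut buffer: [u8; 32] = [0; 32];
+buffer.copy_from_slice(&message);
+Ok(buffer)
 }
 }
 }
@@ -666,7 +670,8 @@ mod test {
 #[test]
 fn test_ec_sign() {
 let message = EthMessageInput {
-message: "Hello imToken".to_string(),
+message: "0x879a053d4800c6354e76c7985a865d2922c82fb5b3f4577b2fe08b998954f2e0"
+.to_string(),
 signature_type: SignatureType::EcSign as i32,
 };
 let mut keystore =
@@ -681,36 +686,7 @@ mod test {
 let sign_output = keystore.sign_message(&params, &message).unwrap();
 assert_eq!(
 sign_output.signature,
-"0x648081bc111e6116769bdb4396eebe17f58d3eddc0aeb04a868990deac9dfa2f322514a380fa66e0e864faaac6ef936092cdc022f5fd7d61cb501193ede537b31b"
-);
-let message = EthMessageInput {
-message: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa".to_string(),
-signature_type: SignatureType::EcSign as i32,
-};
-let sign_output = keystore.sign_message(&params, &message).unwrap();
-assert_eq!(
-sign_output.signature,
-"0x65e4952899a8dcadf3a65a11bdac0f0cfdf93e0bae5c67674c78a72631de524d3cafe27ea71c86aa3fd838c6a50a0b09d6ece85a6dcf3ce85c30fdc51380ebdf1b"
-);
-
-let message = EthMessageInput {
-message: "0000000000000000".to_string(),
-signature_type: SignatureType::EcSign as i32,
-};
-let sign_output = keystore.sign_message(&params, &message).unwrap();
-assert_eq!(
-sign_output.signature,
-"0xf85b21d47d4a828b0829bd3d0b7dbd19cb7fb8d75c24d03f424beddb38d6eb2456f3f438b18453826ce9eaf4b887a2e899e63e73c265dcd8ae0bc507184590a51c"
-);
-
-let message = EthMessageInput {
-message: "0x0000000000000000".to_string(),
-signature_type: SignatureType::EcSign as i32,
-};
-let sign_output = keystore.sign_message(&params, &message).unwrap();
-assert_eq!(
-sign_output.signature,
-"0xb35fe7d2e45098ef21264bc08d0c252a4a7b29f8a24ff25252e0f0c5b38e0ef0776bd12c9595353bdd4a118f8117182d543fa8f25d64a121c03c71f3a4e81b651b"
+"0xe391521758b55824691588821ca425900c7dd3ad1219179637d8df6db5353dcb04fc518a62a83b7293738d7cf9d37f2cc57009324d95e52df0aaeeda2c3092761b"
 );
 }
 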
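Review bot: `buffer.copy_from_slice(&message)` in the new EcSign branch panics whenever the decoded message is not exactly 32 bytes, because `copy_from_slice` requires source and destination to have the same length. The branch already returns a `Result`, so a guard before the copy, `if message.len() != 32 { return Err(/* the crate's invalid-input error */); }`, would reject a malformed request with an error instead of aborting the signer. The rewritten `test_ec_sign` drops the short and long inputs the old test carried and adds no wrong-length case, so that path is now untested. The comment could also state the new contract directly, for example `// EcSign: the 32-byte input is used as the digest as-is (no prefix, no hashing)`, so the blind-signing risk is visible at the call site. The enclosing function starts outside the hunk, so how `message` is decoded is not visible here.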
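--- a/token-core/tcx/tests/sign_test.rs
+++ b/token-core/tcx/tests/sign_test.rs
@@ -1056,6 +1056,38 @@ pub fn test_sign_ethereum_sign_message() {
 })
 }
 
+#[test]
+#[serial]
+pub fn test_sign_ethereum_ec_sign() {
+run_test(|| {
+let wallet = import_default_wallet();
+
+let eth_tx_input = EthMessageInput {
+message: "0x879a053d4800c6354e76c7985a865d2922c82fb5b3f4577b2fe08b998954f2e0"
+.to_string(),
+signature_type: 1i32,
+};
+let input_value = encode_message(eth_tx_input).unwrap();
+let param = SignParam {
+id: wallet.id.to_string(),
+chain_type: "ETHEREUM".to_string(),
+path: "m/44'/60'/0'/0/0".to_string(),
+curve: "secp256k1".to_string(),
+network: "".to_string(),
+seg_wit: "".to_string(),
+input: Some(::prost_types::Any {
+type_url: "imtoken".to_string(),
+value: input_value,
+}),
+key: Some(sign_param::Key::Password(sample_key::PASSWORD.to_string())),
+};
+let ret = call_api("sign_msg", param).unwrap();
+let output: EthMessageOutput = EthMessageOutput::decode(ret.as_slice()).unwrap();
+
+assert_eq!(output.signature, "0x75fbe836882b653ee7c01d334a08c13343580104f8e964276d009041125b2aaa5704c25efcf37d4c4153b3047f305547a7e8886f655eefd1de7db2897200d49d1b");
+})
+}
+
 #[test]
 #[serial]
 pub fn test_sign_bls_to_execution_change() {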
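Review bot: `signature_type: 1i32` hard-codes what is presumably the EcSign discriminant, whereas the unit test in signer.rs writes `SignatureType::EcSign as i32`. If `SignatureType` can be imported in this test file, `signature_type: SignatureType::EcSign as i32,` keeps the test tied to the variant rather than its number. The test covers only a well-formed 32-byte hex message, so a second case that sends a shorter or longer message through `sign_msg` and asserts an error would pin down how the API treats input the EcSign path cannot sign. The local `eth_tx_input` holds a message input rather than a transaction, so a name such as `eth_msg_input` would read more accurately.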
