Michael.W基于Foundry精读Openzeppelin第31期——IERC1271.sol
Michael.W基于Foundry精读Openzeppelin第31期——IERC1271.sol
-
-
- 0. 版本
- 1.IERC1271.sol
- 2. 实现合约代码解读
-
- 2.1 foundry代码验证
-
0. 版本
[openzeppelin]:v4.8.3,[forge-std]:v1.5.6
1.IERC1271.sol
Github: https://github.com/OpenZeppelin/openzeppelin-contracts/blob/v4.8.3/contracts/interfaces/IERC1271.sol
IERC1271是合约地址作为signer的签名验证标准。EOA地址可以通过其私钥对msg进行签名,而合约地址理论上是没有私钥的。当合约地址作为msg.sender时,可以通过IERC1271标准进行相关的签名验证工作。
EIP-1271:https://eips.ethereum.org/EIPS/eip-1271
pragma solidity ^0.8.0;
interface IERC1271 {
// 对外提供的验签方法(本合约作为signer)
// 如果验签通过返回0x1626ba7e,即
// bytes4(keccak256("isValidSignature(bytes32,bytes)")
// 否则返回一个其他bytes4的值
function isValidSignature(bytes32 hash, bytes memory signature) external view returns (bytes4 magicValue);
}
注:有验签需求的合约A需要通过外部调用IERC1271实现合约B的isValidSignature方法且该方法的具体实现是合约A不可控的。出于安全考虑,建议在合约A中硬编码对isValidSignature调用的gas limit。同时,合约B有责任确保isValidSignature的验签有效性,否则将带来灾难性的后果。
2. 实现合约代码解读
IERC1271的实现合约:
Github: https://github.com/RevelationOfTuring/foundry-openzeppelin-contracts/blob/master/src/interfaces/MockERC1271.sol
// SPDX-License-Identifier: UNLICENSED
pragma solidity ^0.8.0;
import "openzeppelin-contracts/contracts/interfaces/IERC1271.sol";
import "openzeppelin-contracts/contracts/utils/cryptography/ECDSA.sol";
contract MockERC1271 is IERC1271 {
// 用于isValidSignature()内的验签工作
using ECDSA for bytes32;
// 封装的eoa地址,所有的有效签名需要是该地址私钥签署的
address _signerEOA;
constructor(address signerEOA){
// 初始化设置eoa地址
_signerEOA = signerEOA;
}
function isValidSignature(bytes32 hash, bytes memory signature) external view returns (bytes4 magicValue){
// 通过ECDSA.recover()验证输入签名是否是_signerEOA签署的。如果是,返回magic value——0x1626ba7e,否则返回0
return hash.recover(signature) == _signerEOA ? IERC1271.isValidSignature.selector : bytes4(0);
}
}
MockERC1271的部署者需要持有_signerEOA对应的私钥。利用MockERC1271去调用其他有验签需求的合约时,携带的signature必须由该私钥签署。
全部foundry测试合约:
Github: https://github.com/RevelationOfTuring/foundry-openzeppelin-contracts/blob/master/test/interfaces/IERC1271.t.sol
2.1 foundry代码验证
contract IERC1271Test is Test {
using ECDSA for bytes;
uint signerPrivateKey = 1024;
MockERC1271 me = new MockERC1271(vm.addr(signerPrivateKey));
function test_IsValidSignature_PassWithCorrectSignature() external {
// correct signature by _signerEOA's private key
(bytes32 digestHash, bytes memory signature) = getDigestHashAndSignature(signerPrivateKey, "Michael.W");
bytes4 magicValue = me.isValidSignature(digestHash, signature);
assertTrue(magicValue == IERC1271.isValidSignature.selector);
}
function test_IsValidSignature_NotPassWithIncorrectSignature() external {
// incorrect signature by different private key
(bytes32 digestHash, bytes memory signature) = getDigestHashAndSignature(signerPrivateKey + 1, "Michael.W");
bytes4 magicValue = me.isValidSignature(digestHash, signature);
assertFalse(magicValue == IERC1271.isValidSignature.selector);
}
// utils to get digest hash and signature with specific private key and string message
function getDigestHashAndSignature(uint privateKey, string memory message) private pure returns (bytes32 digestHash, bytes memory signature){
digestHash = bytes(message).toEthSignedMessageHash();
(uint8 v, bytes32 r, bytes32 s) = vm.sign(privateKey, digestHash);
signature = bytes.concat(r, s, bytes1(v));
}
}
ps:
本人热爱图灵,热爱中本聪,热爱V神。
以下是我个人的公众号,如果有技术问题可以关注我的公众号来跟我交流。
同时我也会在这个公众号上每周更新我的原创文章,喜欢的小伙伴或者老伙计可以支持一下!
如果需要转发,麻烦注明作者。十分感谢!
公众号名称:后现代泼痞浪漫主义奠基人