Skip to content

Commit

Permalink
Avoid validating ECDSA signatures for addresses with code in Signatur…
Browse files Browse the repository at this point in the history
…eChecker (#4951)

Co-authored-by: ernestognw <ernestognw@gmail.com>
  • Loading branch information
Amxx and ernestognw authored Mar 14, 2024
1 parent 6b4ec6c commit 33ea111
Show file tree
Hide file tree
Showing 2 changed files with 11 additions and 4 deletions.
5 changes: 5 additions & 0 deletions .changeset/yellow-moles-hammer.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
---
'openzeppelin-solidity': minor
---

`SignatureChecker`: refactor `isValidSignatureNow` to avoid validating ECDSA signatures if there is code deployed at the signer's address.
10 changes: 6 additions & 4 deletions contracts/utils/cryptography/SignatureChecker.sol
Original file line number Diff line number Diff line change
Expand Up @@ -20,10 +20,12 @@ library SignatureChecker {
* change through time. It could return true at block N and false at block N+1 (or the opposite).
*/
function isValidSignatureNow(address signer, bytes32 hash, bytes memory signature) internal view returns (bool) {
(address recovered, ECDSA.RecoverError error, ) = ECDSA.tryRecover(hash, signature);
return
(error == ECDSA.RecoverError.NoError && recovered == signer) ||
isValidERC1271SignatureNow(signer, hash, signature);
if (signer.code.length == 0) {
(address recovered, ECDSA.RecoverError err, ) = ECDSA.tryRecover(hash, signature);
return err == ECDSA.RecoverError.NoError && recovered == signer;
} else {
return isValidERC1271SignatureNow(signer, hash, signature);
}
}

/**
Expand Down

0 comments on commit 33ea111

Please sign in to comment.