This repository has been archived by the owner on Feb 26, 2024. It is now read-only.
fix: enforce eip-2 imposed limits and secp256k1 upper bound for private keys #2944
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Sending transactions from an impersonated account with a "large" account number, like
fffffffffffffffffffffffffffffffffffffffe
, would result in the error "The nonce generation function failed, or the private key was invalid" due to the way we fake transaction signing in ganache. Previously we would take the account number plus the first 12 bytes of the account number,fffffffffffffffffffffffffffffffffffffffe
+ffffffffffffffffffffffff
, and would use that as a fake private key. This results in an invalid key, as secp256k1, the elliptic curve used in Ethereum cryptography, has an effective maximum private key value of0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140n
(AKAsecp256k1_n - 1
, or the total number of non-trivial points on the curve). This fixes #2586.While implementing this fix it was discovered that we were not rejecting transactions with too-high s-values; i.e., s-values that are greater than
(secp256k1_n - 1) / 2
. This restriction was added way back in Ethereum's first hardfork, homestead, as part of EIP-2 in order to remove the possibility of "malleable" transactions. While somewhat unrelated to the core reason for this fix, it has been added as part of this PR. This fixes #2600.