Is this implementation of Openzeppelin’s ECDSA module secure

Tags: ecdsa, erc-20, openzeppelin, security, solidity

I am quite new to ECDSA signatures and the exact way they work. In an attempt to understand it better I have tried experimenting with it. I am trying to create an ERC20 mint function using Openzeppelin's ECDSA module to verify that a specific address is allowed to mint.

This is my code so far:

```solidity
// Assumes the contract imports OpenZeppelin's ECDSA library and declares
// `address signer` (the trusted signing key) and `mapping(address => uint256) nonces`.
function verifiedMint(bytes memory data, bytes32 hash, bytes memory sig, uint256 amount) public {
    // The caller must supply the exact preimage of the signed hash
    require(ECDSA.toEthSignedMessageHash(data) == hash, "Hashed data incorrect");
    require(ECDSA.recover(hash, sig) == signer, "Invalid Signer"); // signer is a global constant
    (uint256 nonce, address receiver) = abi.decode(data, (uint256, address));
    require(receiver == msg.sender, "Address not authorised to claim"); // prevent replay attacks
    require(nonces[receiver] + 1 == nonce, "Incorrect nonce"); // prevent replay attacks
    nonces[receiver] += 1;
    // note: `amount` is not part of `data`, so it is not covered by the signature
    _mint(receiver, amount);
}
```

This function basically takes ABI-encoded data, which is hashed, then signed using the web3 sign method.
I am unsure if exposing all the data (message+hash+signature) will make this function vulnerable to attacks. There are two ECDSA exploits I read about and I don't know if they apply to this scenario:

  1. Having a hash + signature lets you create more "valid" hash + signature pairs, but those pairs don't really correspond to proper messages. I'm unsure if exposing the message that was hashed will give an attacker all the pieces they need to forge signatures.
  2. Knowing the value of the secret 'k' value will let people calculate the private key of the signer's wallet. This makes sense, but does the web3 module take care of generating random k values each time? Will attackers be able to use past transactions with their signatures to work backwards towards the k value/signer private key?

Thanks for any help in advance 🙂

Best Answer

The function verifiedMint should be just fine. If the ECDSA algorithm is broken for the elliptic curve that Ethereum uses then the whole blockchain will be broken (any blockchain that uses secp256k1 will also be broken: Bitcoin, Litecoin, etc.).

The contract's security depends not just on the algorithm but on keeping the private key stored securely, and on other details like signature reuse, performing proper validation, etc.
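The "extra valid signature" the question's first point hints at is ECDSA malleability: from any (r, s) anyone can derive (r, N - s), which textbook verification also accepts. The pure-Python secp256k1 sketch below is an added example (not code from the question, the answer or OpenZeppelin) showing that behaviour, and that the low-s rule OpenZeppelin's ECDSA.recover applies accepts exactly one of the pair; the private key, message hash and k derivation are constructed for the demo.

```python
import hashlib

# secp256k1 domain parameters (public constants; the curve Ethereum uses)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
HALF_N = N // 2  # OpenZeppelin's ECDSA.recover rejects any s above this value

def _add(p, q):  # affine point addition; None is the point at infinity
    if p is None or q is None:
        return p or q
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    lam = (3 * x1 * x1 * pow(2 * y1, -1, P) if p == q
           else (y2 - y1) * pow(x2 - x1, -1, P)) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def _mul(k, pt):  # double-and-add scalar multiplication
    acc = None
    while k:
        acc, pt, k = (_add(acc, pt) if k & 1 else acc), _add(pt, pt), k >> 1
    return acc

def sign(priv, h, k):  # textbook ECDSA on a hashed message; k must be secret and never reused
    r = _mul(k, G)[0] % N
    return r, pow(k, -1, N) * (h + r * priv) % N

def verify(pub, h, sig):  # textbook verification: accepts both (r, s) and (r, N - s)
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    pt = _add(_mul(h * pow(s, -1, N) % N, G), _mul(r * pow(s, -1, N) % N, pub))
    return pt is not None and pt[0] % N == r

def verify_low_s(pub, h, sig):  # the low-s rule OpenZeppelin's recover applies first
    return sig[1] <= HALF_N and verify(pub, h, sig)

def malleability_demo():
    # Constructed demo key and message hash (not anything from the question).
    priv = 0x1F2E3D4C5B6A79880706050403020100F0E0D0C0B0A090807060504030201007
    pub = _mul(priv, G)
    h = int.from_bytes(hashlib.sha256(b"demo: nonce=1, receiver=0xabc").digest(), "big")
    # k derived deterministically from (priv, h), a simplification of RFC 6979, so it is never reused
    k = int.from_bytes(hashlib.sha256(priv.to_bytes(32, "big") + h.to_bytes(32, "big")).digest(), "big") % N
    sig = sign(priv, h, k)
    flipped = (sig[0], N - sig[1])  # second valid signature derivable from the first
    return {"plain_accepts_both": verify(pub, h, sig) and verify(pub, h, flipped),
            "low_s_accepts_count": verify_low_s(pub, h, sig) + verify_low_s(pub, h, flipped)}
```

Because verifiedMint also pins the hash to an exact preimage and consumes a per-receiver nonce, even the accepted low-s signature can only be used once for one receiver.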
