In the Ghost contract they have:

    function mint(uint8 quantity, bytes calldata signature)
        public
        payable
        callerIsUser
    {
        require(DA_ACTIVE == true, "DA isnt active");
        if (!directMintAllowed) {
            require(
                daSigner ==
                    keccak256(
                        abi.encodePacked(
                            "\x19Ethereum Signed Message:\n32",
                            bytes32(uint256(uint160(msg.sender)))
                        )
                    ).recover(signature),
                "Signer address mismatch."
            );
        }
        ...
    }

I feel like I'm missing something. Isn't this equivalent:

    function mint(uint8 quantity)
        public
        payable
        callerIsUser
    {
        require(DA_ACTIVE == true, "DA isnt active");
        if (!directMintAllowed) {
            require(daSigner == msg.sender, "Signer address mismatch.");
        }
        ...
    }

What is the value in adding a signed message check here?
Best Answer
They are not at all equivalent:

Ensures that signature refers to a signed message from daSigner with a content set to the address of msg.sender.

Anyone holding a signed message from daSigner containing their address can pass this check. daSigner can give rights to any address of its choice to mint by signing the appropriate message. The user then takes that signature to the smart contracts and is allowed to mint. In that case, daSigner authorized a user to mint, but the user is paying the fees as he would be interacting with the contract.

In the second case:

Ensures that msg.sender is daSigner.

Only daSigner can pass this check. In that case, daSigner would mint for a user and pay the fees.
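
The two checks compared in the answer above, side by side, as an added example that is not part of the original post or the Ghost contract. SignedAllowlistDemo, digestFor, isApproved and isSigner are hypothetical names, and the built-in ecrecover is used here in place of the library .recover call so the block needs no imports.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; contract and function names are hypothetical.
contract SignedAllowlistDemo {
    // Address of the off-chain key that approves minters.
    address public immutable daSigner;

    constructor(address signer) {
        daSigner = signer;
    }

    // The digest checked in the question's first snippet: the
    // "Ethereum Signed Message" prefix for a 32-byte payload, followed by
    // the minter's address left-padded to 32 bytes.
    function digestFor(address minter) public pure returns (bytes32) {
        return keccak256(
            abi.encodePacked(
                "\x19Ethereum Signed Message:\n32",
                bytes32(uint256(uint160(minter)))
            )
        );
    }

    // First form: passes for ANY caller that holds a daSigner signature
    // over its own address. The caller sends the transaction and pays the fees.
    function isApproved(address caller, bytes calldata signature)
        public
        view
        returns (bool)
    {
        if (signature.length != 65) return false; // r (32) || s (32) || v (1)
        bytes32 r = bytes32(signature[0:32]);
        bytes32 s = bytes32(signature[32:64]);
        uint8 v = uint8(signature[64]);
        address recovered = ecrecover(digestFor(caller), v, r, s);
        // ecrecover returns address(0) on failure; never accept that as a match.
        return recovered != address(0) && recovered == daSigner;
    }

    // Second form: passes only when daSigner itself is the caller.
    function isSigner(address caller) public view returns (bool) {
        return caller == daSigner;
    }
}
```

A signature issued for one address fails isApproved for any other caller, because the digest is rebuilt from the caller's own address before recovery.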