Signature – How to Use a Signed Message to Verify the Sender

recoversignature

    function mint(uint8 quantity, bytes calldata signature)
        public
        payable
        callerIsUser
    {
        require(DA_ACTIVE == true, "DA isnt active");
        if (!directMintAllowed) {
            require(
                daSigner ==
                    keccak256(
                        abi.encodePacked(
                            "\x19Ethereum Signed Message:\n32",
                            bytes32(uint256(uint160(msg.sender)))
                        )
                    ).recover(signature),
                "Signer address mismatch."
            );
        }
        ...
    }

I feel like I'm missing something. Isn't this equivalent:

    function mint(uint8 quantity)
        public
        payable
        callerIsUser
    {
        require(DA_ACTIVE == true, "DA isnt active");
        if (!directMintAllowed) {
            require(daSigner == msg.sender, "Signer address mismatch.");
        }
        ...
    }

What is the value in adding a signed message check here?

Best Answer

They are not at all equivalent :

require(
         daSigner ==
             keccak256(
                 abi.encodePacked(
                     "\x19Ethereum Signed Message:\n32",
                     bytes32(uint256(uint160(msg.sender)))
                 )
             ).recover(signature),
         "Signer address mismatch."
);

Ensures that signature refers to a signed message from daSigner with a content set to the address of msg.sender.

Anyone holding a signed message from daSigner containing their address can pass this check. daSigner can give rights to any address of its choice to mint by signing the appropriate message. The user then takes that signature to the smart contracts and is allowed to mint. In that case, daSigner authorized a user to mint, but the user is paying the fees as he would be interacting with the contract.

In the second case :

require(daSigner == msg.sender, "Signer address mismatch.");

Ensures that msg.sender is daSigner Only daSigner can pass this check. In that case, daSigner would mint for a user and pay the fees.

Related Solutions

Ethereum – How to Sign and Verify a Message in JavaScript to Prove Ownership of an Address

You can sign a string of data using web3.eth.sign

The address you use needs to be unlocked and you can sign text like this:

> web3.eth.sign(<your address>, web3.sha3("Some text"))

0x32f689696d855dd79c73acd94b2374461261b6f3d00e758fa23d35607c0be3175cbc7a7ea02c7f23cd7ef9334b4718a3363dfe12c1c1de24da5f94eb68a67b6000"

The returned 130byte string is the concatenated r,s,v ECDSA values with the mapping:

r = signature[0:64]
s = signature[64:128]
v = signature[128:130]

While web3.js has no verification functions, Solidity has ecrecover call in the form:

ecrecover([sha3 hash of data], v, r, s)

This question explores usage of ecrecover.

Further, there is another thread on the forum in which the OP uses the Python Bitcoin module to verify signed data.

Update: Since v1.0 web3.js has verification functions. See the other answers here (eg. web3.eth.accounts.recover)

[Ethereum] Should signed text messages use the “\x19Ethereum Signed Message” prefix

There's no official standard (at the time of this writing) and has been debated for a while in this EIP thread EIP #683

According to issue #3731:

Geth prepends the string \x19Ethereum Signed Message:\n<length of message> to all data before signing it (https://github.com/ethereum/wiki/wiki/JSON-RPC#eth_sign). If you want to verify such a signature from Solidity, you'll have to prepend the same string in solidity before doing the ecrecovery.

Best Answer

Related Solutions

Ethereum – How to Sign and Verify a Message in JavaScript to Prove Ownership of an Address

[Ethereum] Should signed text messages use the “\x19Ethereum Signed Message” prefix

Related Topic