-
Notifications
You must be signed in to change notification settings - Fork 11.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.
Already on GitHub? Sign in to your account
Security considerations regarding SignatureChecker.isValidERC1271SignatureNow
#4898
Comments
Thanks for flagging @0xPhaze. The fix for this should be easy if we replicate what's done in ERC165Checker: assembly {
success := staticcall(30000, account, add(encodedParams, 0x20), mload(encodedParams), 0x00, 0x20)
returnSize := returndatasize()
returnValue := mload(0x00)
} I wouldn't say it's a breaking change because contracts won't stop working if they adhere to the standard. |
Adding a fixed gas limit technically would be breaking though. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
馃摑 Details
After a small discussion I wanted to collect some thoughts on
SignatureChecker.isValidERC1271SignatureNow
. It largely assumes that thesigner
contract is trusted when verifying ERC-1271 signatures.openzeppelin-contracts/contracts/utils/cryptography/SignatureChecker.sol
Lines 29 to 47 in 4e7e6e5
Signatures are often used by relayers to perform actions on behalf of users with their permission. Therefore it should be assumed that
signer
s can be malicious and additional security considerations might come into play. Two observations are:signer.staticcall
does not include a gas limit(bool success, bytes memory result) = signer.staticcall
copies the entirety of the returned data, making it susceptible toreturndata
bomb attacksis partially addressed in the EIP:
However, general security concerns for relayers still apply (call to the unknown): Relayers might not be aware that a fixed gas limit should be set or that relayed transactions should be discarded if they cost more than X. This could be a bad scenario if relayers are sponsored, use a fixed fee, or if the maximum gas is not debited upfront.
signer
. The worst scenario might be confusion if the call reverts in the caller's context instead of thesigner
contract.Potential solutions:
SignatureChecker.isValidERC1271SignatureNow
.returndata
via assembly.gasLimit
parameter toSignatureChecker.isValidERC1271SignatureNow
and implement 2.Considering that the most simple solution might be the best, 4. or 1. might be the most sensible, though I'm interested if anyone has some more thoughts on this.
The text was updated successfully, but these errors were encountered: