Here is a minimal (copy and paste) example of how to safely create and verify ECDSA signatures with OpenZeppelin in the Foundry environment.
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
contract Verifier {
using ECDSA for bytes32;
address public verifyingAddress;
constructor(address _verifyingAddress) {
verifyingAddress = _verifyingAddress;
}
function verifyV1(
string calldata message,
bytes32 r,
bytes32 s,
uint8 v
) public view {
bytes32 signedMessageHash = keccak256(abi.encode(message))
.toEthSignedMessageHash();
require(
signedMessageHash.recover(v, r, s) == verifyingAddress,
"signature not valid v1"
);
}
function verifyV2(
string calldata message,
bytes calldata signature
) public view {
bytes32 signedMessageHash = keccak256(abi.encode(message))
.toEthSignedMessageHash();
require(
signedMessageHash.recover(signature) == verifyingAddress,
"signature not valid v2"
);
}
}
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import "forge-std/Test.sol";
import "../src/Verify.sol";
import "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
import "forge-std/console.sol";
contract TestSigs1 is Test {
using ECDSA for bytes32;
Verifier verifier;
address owner;
uint256 privateKey =
0x1010101010101010101010101010101010101010101010101010101010101010;
function setUp() public {
owner = vm.addr(privateKey);
verifier = new Verifier(owner);
}
function testVerifyV1andV2() public {
string memory message = "attack at dawn";
bytes32 msgHash = keccak256(abi.encode(message))
.toEthSignedMessageHash();
(uint8 v, bytes32 r, bytes32 s) = vm.sign(privateKey, msgHash);
bytes memory signature = abi.encodePacked(r, s, v);
assertEq(signature.length, 65);
console.logBytes(signature);
verifier.verifyV1(message, r, s, v);
verifier.verifyV2(message, signature);
}
}
This will work even if you change the data type from “string” to something else.
Note that OpenZeppelin supports two ways to represent the signature. It’s generally more convenient to use the bytes version because this is only one extra piece of data to pass around. Note however that ERC20-Permit uses the three part signature (r, s, v).
This article is used as reference material in our Solidity Bootcamp.
We also have a free learn solidity tutorial.
Originally Published March 8, 2023
20 Common Solidity Beginner Mistakes Our intent is not to be patronizing towards developers early in their journey with this article. Having reviewed code from numerous Solidity developers, we’ve seen some mistakes occur more frequently and we list those here. By no means is this an exhaustive list of mistakes a Solidity developer can make. […]
Smart Contract Foundry Upgrades with the OpenZeppelin Plugin Upgrading a smart contract is a multistep and error-prone process, so to minimize the chances of human error, it is desirable to use a tool that automates the procedure as much as possible. Therefore, the OpenZeppelin Upgrade Plugin streamlines deploying, upgrading and managing smart contracts built with Foundry or […]
UUPS: Universal Upgradeable Proxy Standard (ERC-1822) The UUPS pattern is a proxy pattern where the upgrade function resides in the implementation contract, but changes the implementation address stored in the proxy contract via a delegatecall from the proxy. The high level mechanism is shown in the animation below: Similar to the Transparent Upgradeable Proxy, the […]
Try Catch and all the ways Solidity can revert This article describes all the kinds of errors that can happen when a smart contract is called, and how the Solidity Try / Catch block responds (or fails to respond) to each of them. To understand how Try / Catch works in Solidity, we must understand […]