♻️ Fix WebAuthn SHA256 returndatasize check (#1224)

Vectorized · rholterhus · web-flow · commit 824ca8c2b2cf · 2024-12-17T07:15:24.000+08:00
Co-authored-by: rholterhus &lt;rileyholterhus@gmail.com&gt;
diff --git a/src/utils/WebAuthn.sol b/src/utils/WebAuthn.sol
@@ -132,8 +132,8 @@ library WebAuthn {
                 // 19. Compute `sha256(clientDataJSON)`.
                 // 20. Compute `sha256(authenticatorData ‖ sha256(clientDataJSON))`.
                 // forgefmt: disable-next-item
-                messageHash := mload(staticcall(gas(), 2, p, add(l, 0x20),
-                    staticcall(gas(), 2, o, n, e, 0x20), 0x20))
+                messageHash := mload(staticcall(gas(),
+                    shl(1, staticcall(gas(), 2, o, n, e, 0x20)), p, add(l, 0x20), 0x01, 0x20))
                 mstore(e, w) // Restore the word after `authenticatorData`, in case of reuse.
                 // `returndatasize()` is `0x20` on `sha256` success, and `0x00` otherwise.
                 if iszero(returndatasize()) { invalid() }
diff --git a/src/utils/g/WebAuthn.sol b/src/utils/g/WebAuthn.sol
@@ -136,8 +136,8 @@ library WebAuthn {
                 // 19. Compute `sha256(clientDataJSON)`.
                 // 20. Compute `sha256(authenticatorData ‖ sha256(clientDataJSON))`.
                 // forgefmt: disable-next-item
-                messageHash := mload(staticcall(gas(), 2, p, add(l, 0x20),
-                    staticcall(gas(), 2, o, n, e, 0x20), 0x20))
+                messageHash := mload(staticcall(gas(),
+                    shl(1, staticcall(gas(), 2, o, n, e, 0x20)), p, add(l, 0x20), 0x01, 0x20))
                 mstore(e, w) // Restore the word after `authenticatorData`, in case of reuse.
                 // `returndatasize()` is `0x20` on `sha256` success, and `0x00` otherwise.
                 if iszero(returndatasize()) { invalid() }
