Skip to content

feat(cheatcodes): Add vm.signWithNonce(privateKey, digest, nonce) cheatcode (Crypto) #11267

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 14 commits into
base: master
Choose a base branch
from
Open

feat(cheatcodes): Add vm.signWithNonce(privateKey, digest, nonce) cheatcode (Crypto) #11267

wants to merge 14 commits into from

Conversation

Ectario
Copy link

@Ectario Ectario commented Aug 10, 2025
edited
Loading

Motivation

Security researchers and advanced test writers sometimes need to create deterministic ECDSA signatures with a chosen ephemeral nonce k.

This is useful to:

  • Reproduce signatures deterministically for debugging or reproducibility.
  • Stress test and fuzz systems that rely on signature uniqueness.

Currently, Foundry's vm.sign only derives k internally (RFC6979) and does not allow injecting a fixed nonce.
For security testing and deeper protocol analysis, we need a way to supply k manually.

Closes #11266.

Solution

This PR introduces a new cheatcode:

function signWithNonce(uint256 privateKey, bytes32 digest, uint256 nonce)
    external
    returns (uint8 v, bytes32 r, bytes32 s);
  • Signs digest on secp256k1 using privateKey and a user-supplied nonce k.
  • Requires both privateKey and nonce to be in (0, n) where n is the secp256k1 curve order.
  • Performs low-s normalization and recovery id computation.
  • Intended primarily for security testing, fuzzing, and reproducing edge cases — not for production signing.

Changes include:

  • crypto.rs implementation of the fixed-nonce signing path.
  • Integration in the cheatcodes Vm.sol interface.
  • New Solidity tests in testdata/default/cheats/Sign.t.sol covering valid and invalid nonce cases.

PR Checklist

  • Added Tests
  • Added Documentation

@Ectario Ectario requested a review from DaniPopes as a code owner August 10, 2025 15:38
@Ectario Ectario changed the title Gen sig with nonce feat: Add vm.signWithNonce(privateKey, digest, nonce) cheatcode (Crypto) Aug 10, 2025
@Ectario Ectario changed the title feat: Add vm.signWithNonce(privateKey, digest, nonce) cheatcode (Crypto) feat(cheatcodes): Add vm.signWithNonce(privateKey, digest, nonce) cheatcode (Crypto) Aug 12, 2025
@Ectario Ectario changed the title feat(cheatcodes): Add vm.signWithNonce(privateKey, digest, nonce) cheatcode (Crypto) feat(cheatcodes): Add vm.signWithNonce(privateKey, digest, nonce) cheatcode (Crypto) Aug 12, 2025
@Ectario
Copy link
Author

Ectario commented Aug 12, 2025
edited
Loading

Hi team,
Just wondering, was it intentional to not have cargo cheats included in the make pr target in the Makefile? (And is it expected that the first cargo cheats crashes but the second runs fine?)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@DaniPopes DaniPopes Awaiting requested review from DaniPopes DaniPopes is a code owner

@klkvr klkvr Awaiting requested review from klkvr klkvr is a code owner

@mattsse mattsse Awaiting requested review from mattsse mattsse is a code owner

@grandizzy grandizzy Awaiting requested review from grandizzy grandizzy is a code owner

@yash-atreya yash-atreya Awaiting requested review from yash-atreya yash-atreya is a code owner

@zerosnacks zerosnacks Awaiting requested review from zerosnacks zerosnacks is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
Foundry
Status: No status
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add vm.signWithNonce(privateKey, digest, nonce) cheatcode (Crypto)
1 participant
@Ectario