disputes,token: avoid reimplementing ECDSA signature recovery

abarmat · abarmat · commit c56de828ec80 · 2020-10-03T22:31:57.000-03:00
Use OpenZeppelin’s ECDSA library for all ecrecovery operations
diff --git a/contracts/disputes/DisputeManager.sol b/contracts/disputes/DisputeManager.sol
@@ -2,6 +2,8 @@ pragma solidity ^0.6.12;
 pragma experimental ABIEncoderV2;
 
 import "@openzeppelin/contracts/math/SafeMath.sol";
+import "@openzeppelin/contracts/cryptography/ECDSA.sol";
+
 import "../governance/Managed.sol";
 
 /*
@@ -717,7 +719,11 @@ contract DisputeManager is Managed {
 
         // Obtain the signer of the fully-encoded EIP-712 message hash
         // NOTE: The signer of the attestation is the indexer that served the request
-        return _recover(messageHash, _attestation.v, _attestation.r, _attestation.s);
+        return
+            ECDSA.recover(
+                messageHash,
+                abi.encodePacked(_attestation.r, _attestation.s, _attestation.v)
+            );
     }
 
     /**
@@ -755,41 +761,6 @@ contract DisputeManager is Managed {
         return Attestation(requestCID, responseCID, subgraphDeploymentID, v, r, s);
     }
 
-    /**
-     * @dev Returns the address that signed a hashed message (`hash`) with
-     * signature `v`, `r', `s`. This address can then be used for verification purposes.
-     * @return The address recovered from the hash and signature.
-     */
-    function _recover(
-        bytes32 _hash,
-        uint8 _v,
-        bytes32 _r,
-        bytes32 _s
-    ) internal pure returns (address) {
-        // EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature
-        // unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines
-        // the valid range for s in (281): 0 < s < secp256k1n ÷ 2 + 1, and for v in (282): v ∈ {27, 28}. Most
-        // signatures from current libraries generate a unique signature with an s-value in the lower half order.
-        //
-        // If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value
-        // with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or
-        // vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept
-        // these malleable signatures as well.
-        if (uint256(_s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) {
-            revert("ECDSA: invalid signature 's' value");
-        }
-
-        if (_v != 27 && _v != 28) {
-            revert("ECDSA: invalid signature 'v' value");
-        }
-
-        // If the signature is valid (and not malleable), return the signer address
-        address signer = ecrecover(_hash, _v, _r, _s);
-        require(signer != address(0), "ECDSA: invalid signature");
-
-        return signer;
-    }
-
     /**
      * @dev Parse a uint8 from `_bytes` starting at offset `_start`.
      * @return uint8 value
diff --git a/contracts/token/GraphToken.sol b/contracts/token/GraphToken.sol
@@ -2,6 +2,7 @@ pragma solidity ^0.6.12;
 
 import "@openzeppelin/contracts/token/ERC20/ERC20.sol";
 import "@openzeppelin/contracts/token/ERC20/ERC20Burnable.sol";
+import "@openzeppelin/contracts/cryptography/ECDSA.sol";
 
 import "../governance/Governed.sol";
 
@@ -112,11 +113,8 @@ contract GraphToken is Governed, ERC20, ERC20Burnable {
             )
         );
 
-        address recoveredAddress = ecrecover(digest, _v, _r, _s);
-        require(
-            recoveredAddress != address(0) && _owner == recoveredAddress,
-            "GRT: invalid permit"
-        );
+        address recoveredAddress = ECDSA.recover(digest, abi.encodePacked(_r, _s, _v));
+        require(_owner == recoveredAddress, "GRT: invalid permit");
         require(_deadline == 0 || block.timestamp <= _deadline, "GRT: expired permit");
 
         _approve(_owner, _spender, _value);
