-
Notifications
You must be signed in to change notification settings - Fork 31
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
MessageHash, StakeIntentHash and RedeemIntentHash should be hashed as per EIP-712. #415
Comments
Now the current challenge is that the data user will sign should be readable. In the current implementation, it is not and the user will see hashed data. So we can have the following two approaches so that data can be presented to the user.
Second
Let me know what is your opinion. |
Why can we not add the hash lock? |
Second example seems to be aligned with the example at EIP712 below :- To me it make sense to move ahead with second approach(without changing Stake and Message struct) if anyone doesn't have any concern. cc: @benjaminbollen @schemar @deepesh-kn @sarvesh-ost |
Yes, the second approach looks better. |
In this case, message hash is signed by the staker/redeemer. Hashlock is provided by the facilitator, so the hash lock is not part of the message hash. If we create a new hash using message hash and the unlock key than we are not getting ant major benefit as compared to the first approach. Does anyone have a 3rd approach? I am feeling more inclined towards the first approach. |
OK that makes sense. The hash lock definitely has to be there, then. Another question: if the stake intent is part of the message. And the nonce and gateway are part of the stake intent. Then why do we need to add them again to the message? Would the following not work? The sender could sign the intent hash, the facilitator could sign the message hash, and still all data could be "proven" with the hashes. Am I missing something? 🤔 bytes32 STAKE_INTENT_TYPE_HASH = keccak256(
abi.encodePacked(
"StakeIntentHash(address staker,uint256 amount,address beneficiary,uint256 gasPrice,uint256 gasLimit,uint256 bounty,uint256 nonce,address gateway)"
)
);
bytes32 MESSAGE_TYPE_HASH = keccak256(
abi.encodePacked(
"Message(bytes32 intentHash,address sender,bytes32 hashLock)"
)
);
bytes32 stakeIntentHash = keccak256(
abi.encodePacked(
STAKE_INTENT_TYPE_HASH,
staker,
amount,
beneficiary,
gasPrice,
gasLimit,
bounty,
nonce,
gateway
)
);
bytes32 messageHash = keccak256(
abi.encodePacked(
MESSAGE_TYPE_HASH,
stakeIntentHash,
sender,
hashLock
)
); |
Message bus does not know how the
|
In that case I think it makes sense to add the parameters in both places. They are there for "different" reasons. |
After discussing the topic one more time, we agreed to:
/cc @deepesh-kn @sarvesh-ost |
The Message, StakeIntent, and RedeemIntent now have a new structure and different fields that are part of the hash. Stake and redeem intent now consist of amount, beneficiary, and (originating) gateway address. The Message has as first parameter a hash which is not specific to staking or redeeming. All three pre-images now include a type hash as per EIP712. This means that I was able to remove a lot of stake/redeem specific code for message hashing. A message's hash is now generated regardless of the kind of intent it holds. I added a method `storeMessage` which creates a message hash and stores the message at the hash in the mapping. The reason was to circumvent a "stack too deep" error which prevented me from creating the hash directly in confirm stake/redeem intent. I restructured the tests in an effort to make them more easily understandable. I spent quite some time wrapping my head around the construct. I did not add the domain separator yet, as the hashes are never signed or the signature proven/verified. :warning: Please check that the new logic of how and what is hashed still guarantees correctness and prevents fraud when relaying the messages :warning: Fixes OpenST#415
The Message, StakeIntent, and RedeemIntent now have a new structure and different fields that are part of the hash. Stake and redeem intent now consist of amount, beneficiary, and (originating) gateway address. The Message has as first parameter a hash which is not specific to staking or redeeming. All three pre-images now include a type hash as per EIP712. This means that I was able to remove a lot of stake/redeem specific code for message hashing. A message's hash is now generated regardless of the kind of intent it holds. I added a method `storeMessage` which creates a message hash and stores the message at the hash in the mapping. The reason was to circumvent a "stack too deep" error which prevented me from creating the hash directly in confirm stake/redeem intent. I restructured the tests in an effort to make them more easily understandable. I spent quite some time wrapping my head around the construct. I did not add the domain separator yet, as the hashes are never signed or the signature proven/verified. :warning: Please check that the new logic of how and what is hashed still guarantees correctness and prevents fraud when relaying the messages :warning: Fixes OpenST#415
User Story
Staker / Redeemer needs to sign the structured data. This data should be hashed as per the standard specified in EIP-712.
Following structure exists in the code.
In
EIP20Gateways
there isstruct Stake
.In
EIP20Gateways
there isstruct Redeem
.In
MessageBus
there isstruct Message
.This means that
The type hash are as per the EIP-712 standards.
The text was updated successfully, but these errors were encountered: