initial commit for eip-6384 #6384
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
github-actions
bot
added
c-new
All tests passed; auto-merging...(pass) eip-6384.md
(pass) assets/eip-6384/implementation/src/IEvalEIP712Buffer.sol
(pass) assets/eip-6384/implementation/src/MyToken/MyToken.sol
(pass) assets/eip-6384/implementation/src/MyToken/MyToken712ParserHelper.sol
(pass) assets/eip-6384/implementation/src/MyToken/MyTokenStructs.sol
(pass) assets/eip-6384/implementation/src/SeaPort/SeaPort712ParserHelper.sol
(pass) assets/eip-6384/implementation/src/SeaPort/SeaPortMock.sol
(pass) assets/eip-6384/implementation/src/SeaPort/SeaPortStructs.sol
(pass) assets/eip-6384/implementation/test/MyToken.t.sol
(pass) assets/eip-6384/implementation/test/OrderGenerator.sol
(pass) assets/eip-6384/implementation/test/SeaPort712Parser.t.sol
(pass) assets/eip-6384/implementation/test/SigUtils.sol
(pass) assets/eip-6384/media/MiceyMask-non-compliant.png
(pass) assets/eip-6384/media/ZenGo-EIP-compliant.png
|
SamWilsn
requested changes
Jan 28, 2023
There was a problem hiding this comment.
I haven't reviewed this at all, but I can tell from the number of changed files that something has been included here that shouldn't be.
Your reference implementation should contain only the minimum code required to implement your EIP, and shouldn't contain any build system files (eg. hardhat or foundry) or libraries.
Co-authored-by: Sam Wilson <57262657+SamWilsn@users.noreply.github.com>
|
The commit 80f5e6f (as a parent of 0c3bf82) contains errors. |
SamWilsn
reviewed
Jan 30, 2023
| Please note that if the explanation was part of the message to sign it would have been under the control of the attacker and hence irrelevant for security purposes. | ||
|
|
||
| Since the added functionality to the contract has the “view” modifier, it cannot change the on-chain state and harm the existing functionalities of the contract. | ||
|
|
There was a problem hiding this comment.
I think you should still mention the attack where an attacker creates both a fake website and a fake contract, and the fake contract gives a misleading description. If the real contract's domain separator doesn't contain verifyingContract than the fake contract can give whatever fraudulent description it wants.
Then you can say the attack is prevented by requiring that wallets only attempt to get descriptions when the domain separator contains a verifying contract.
There was a problem hiding this comment.
if it's a fake contract, then it has no access to the users assets, therefore not a relevant attack scenario, hence not in scope
There was a problem hiding this comment.
A signed message without verifyingContract in the domain separator would be valid for both the fake contract, and more importantly, for the real contract, right?
There was a problem hiding this comment.
if there is no verifyingContract we already mentioned explicitly "In case the EIP-712 message is not bounded to a contract, the wallet cannot call this function as the contract address is unknown and SHOULD default to its current display."
There was a problem hiding this comment.
Sorry the updated wording is "If verifyingContract is not included in the EIP-712 domain separator, wallets MUST NOT retrieve a human-readable description using this EIP. In this case, wallets SHOULD fallback to their original EIP-712 display."
There was a problem hiding this comment.
Additionally, the signature of the rogue contract will not be valid for. the good contract, as the malicious contract buffer contains a verifyingContract in as the domain separator that would fail the signature validation for the good contract as it does not take this parameter into consideration when doing ecrecover.
Co-authored-by: Sam Wilson <57262657+SamWilsn@users.noreply.github.com>
Co-authored-by: Sam Wilson <57262657+SamWilsn@users.noreply.github.com>
Co-authored-by: Sam Wilson <57262657+SamWilsn@users.noreply.github.com>
Co-authored-by: Sam Wilson <57262657+SamWilsn@users.noreply.github.com>
Co-authored-by: Sam Wilson <57262657+SamWilsn@users.noreply.github.com>
Co-authored-by: Sam Wilson <57262657+SamWilsn@users.noreply.github.com>
Co-authored-by: Sam Wilson <57262657+SamWilsn@users.noreply.github.com>
Co-authored-by: Sam Wilson <57262657+SamWilsn@users.noreply.github.com>
Co-authored-by: Sam Wilson <57262657+SamWilsn@users.noreply.github.com>
Co-authored-by: Sam Wilson <57262657+SamWilsn@users.noreply.github.com>
Co-authored-by: Sam Wilson <57262657+SamWilsn@users.noreply.github.com>
Co-authored-by: Sam Wilson <57262657+SamWilsn@users.noreply.github.com>
Co-authored-by: Sam Wilson <57262657+SamWilsn@users.noreply.github.com>
DeVaz1
changed the title
SamWilsn
reviewed
Jan 30, 2023
Co-authored-by: Sam Wilson <57262657+SamWilsn@users.noreply.github.com>
Co-authored-by: Sam Wilson <57262657+SamWilsn@users.noreply.github.com>
Co-authored-by: Sam Wilson <57262657+SamWilsn@users.noreply.github.com>
Co-authored-by: Sam Wilson <57262657+SamWilsn@users.noreply.github.com>
SamWilsn
reviewed
Jan 31, 2023
SamWilsn
approved these changes
Jan 31, 2023
eth-bot
approved these changes
Jan 31, 2023
iseriohn
pushed a commit
to iseriohn/EIP-NFT-Rights-Management
that referenced
this pull request
Feb 16, 2023
* initial commit for eip-readable-signatures * Update EIPS/eip-readable-signatures.md Co-authored-by: Sam Wilson <57262657+SamWilsn@users.noreply.github.com> * removed build files * updated links * updated links * eip.md updated according to linter suggestions * updated EIP according to linter * updated the eip according to the linter * fixed linter errors at the md file * Update EIPS/eip-6384.md Co-authored-by: Sam Wilson <57262657+SamWilsn@users.noreply.github.com> * Update EIPS/eip-6384.md Co-authored-by: Sam Wilson <57262657+SamWilsn@users.noreply.github.com> * Update EIPS/eip-6384.md Co-authored-by: Sam Wilson <57262657+SamWilsn@users.noreply.github.com> * Update EIPS/eip-6384.md Co-authored-by: Sam Wilson <57262657+SamWilsn@users.noreply.github.com> * Update EIPS/eip-6384.md Co-authored-by: Sam Wilson <57262657+SamWilsn@users.noreply.github.com> * Update EIPS/eip-6384.md Co-authored-by: Sam Wilson <57262657+SamWilsn@users.noreply.github.com> * Update EIPS/eip-6384.md Co-authored-by: Sam Wilson <57262657+SamWilsn@users.noreply.github.com> * Update EIPS/eip-6384.md Co-authored-by: Sam Wilson <57262657+SamWilsn@users.noreply.github.com> * Update EIPS/eip-6384.md Co-authored-by: Sam Wilson <57262657+SamWilsn@users.noreply.github.com> * Update EIPS/eip-6384.md Co-authored-by: Sam Wilson <57262657+SamWilsn@users.noreply.github.com> * Update EIPS/eip-6384.md Co-authored-by: Sam Wilson <57262657+SamWilsn@users.noreply.github.com> * Update EIPS/eip-6384.md Co-authored-by: Sam Wilson <57262657+SamWilsn@users.noreply.github.com> * Update EIPS/eip-6384.md Co-authored-by: Sam Wilson <57262657+SamWilsn@users.noreply.github.com> * Update EIPS/eip-6384.md Co-authored-by: Sam Wilson <57262657+SamWilsn@users.noreply.github.com> * Update EIPS/eip-6384.md Co-authored-by: Sam Wilson <57262657+SamWilsn@users.noreply.github.com> * updated signature paramater name to typedDataBuffer * updated signature paramater name to typedDataBuffer * added explanation to the rationale section * Update EIPS/eip-6384.md Co-authored-by: Sam Wilson <57262657+SamWilsn@users.noreply.github.com> * Update EIPS/eip-6384.md Co-authored-by: Sam Wilson <57262657+SamWilsn@users.noreply.github.com> * Update EIPS/eip-6384.md Co-authored-by: Sam Wilson <57262657+SamWilsn@users.noreply.github.com> * Update EIPS/eip-6384.md Co-authored-by: Sam Wilson <57262657+SamWilsn@users.noreply.github.com> * removed unnecessary media * removed unnecessary media * Update EIPS/eip-6384.md --------- Co-authored-by: Sam Wilson <57262657+SamWilsn@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When opening a pull request to submit a new EIP, please use the suggested template: https://github.com/ethereum/EIPs/blob/master/eip-template.md
We have a GitHub bot that automatically merges some PRs. It will merge yours immediately if certain criteria are met: