Ethereum: HashTypedDataV4 does not verify properly


Ethereum HashTypedDataV4 Verification Issue with OpenZeppelin EIP-712 Implementation

Introduction

The Ethereum Virtual Machine (EVM) relies on the HashTypedDataV4 contract implementation, which provides a secure way to verify and manage orders. However, there has been an issue reported where HashTypedDataV4 does not verify properly when using the OpenZeppelin EIP-712 implementation. This article aims to investigate and resolve this issue.

Background

The HashTypedDataV4 contract uses a hash function to store and verify the contents of a signed order. The contract is designed in Solidity, which is the programming language used for Ethereum smart contracts. The EIP-712 implementation is used to specify the structure and format of the data stored in the contract.

Issue Identification

The reported issue involves the verification process of HashTypedDataV4 contracts that use OpenZeppelin’s EIP-712 implementation. Specifically, when a new order is signed and verified using this implementation, the hash function may not produce an expected signature, leading to incorrect verification.
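
For reference, this added example (not code from this article or from OpenZeppelin) shows how a contract inheriting OpenZeppelin's `EIP712` builds the typed-data digest and checks an order signature. The `OrderVerifier` contract, the `Order` struct and its fields are assumptions, and the import paths assume OpenZeppelin Contracts 5.x. The recovered address equals the maker only when the signer used the same type string, name, version, chain ID and contract address.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import "@openzeppelin/contracts/utils/cryptography/EIP712.sol";
import "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";

// Added example: the contract name, the Order struct and its fields are
// assumptions made for illustration.
contract OrderVerifier is EIP712 {
    struct Order {
        address maker;
        uint256 tokenId;
        uint256 price;
        uint256 nonce;
    }

    // Must match, character for character, the type string the wallet signs.
    bytes32 private constant ORDER_TYPEHASH =
        keccak256("Order(address maker,uint256 tokenId,uint256 price,uint256 nonce)");

    // Consumed (maker, nonce) pairs, so a signed order cannot be replayed.
    mapping(address => mapping(uint256 => bool)) public nonceUsed;

    // Name and version feed the domain separator together with block.chainid
    // and address(this); the signer must use the same four values.
    constructor() EIP712("OrderVerifier", "1") {}

    // Digest = keccak256("\x19\x01" || domainSeparator || hashStruct(order)).
    function orderDigest(Order calldata order) public view returns (bytes32) {
        bytes32 structHash = keccak256(
            abi.encode(ORDER_TYPEHASH, order.maker, order.tokenId, order.price, order.nonce)
        );
        return _hashTypedDataV4(structHash);
    }

    // The signature is the 65-byte (r, s, v) value, so it is passed as bytes.
    function verifyOrder(Order calldata order, bytes calldata signature)
        public view returns (bool)
    {
        if (nonceUsed[order.maker][order.nonce]) return false;
        // ECDSA.recover reverts on malformed or high-s signatures.
        return ECDSA.recover(orderDigest(order), signature) == order.maker;
    }

    function consumeOrder(Order calldata order, bytes calldata signature) external {
        require(verifyOrder(order, signature), "bad signature or used nonce");
        nonceUsed[order.maker][order.nonce] = true;
    }
}
```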

Investigating the Code

To investigate further, let’s examine the code for the HashTypedDataV4 contract and the OpenZeppelin EIP-712 implementation:

HashTypedDataV4:

```solidity
pragma solidity ^0.8.0;

contract HashTypedDataV4 {
    // ...

    // Verifies a signed order against the supplied signature.
    function verifyOrder(
        uint256[] memory order,
        bytes32 signature
    ) public pure returns (bool) {
        // ...
    }
}
```

EIP-712 implementation:

```solidity
pragma solidity ^0.7.0; // or 0.8.0

import "

import "

contract AssetManagerBase is ERC721, ERC20 {
    // ...

    // Internal signature check, restricted to the contract owner.
    function _verifyOrderSignature(
        bytes32 signature,
        uint256[] memory order
    ) internal override onlyOwner {
        // ...
    }
}
```

Resolution

To resolve the issue, we need to modify the HashTypedDataV4 contract to use a different hash function that produces an expected signature. One possible solution is to use the Keccak-256 hash function instead of the default Ethereum hash function.

We can update the HashTypedDataV4 contract as follows:

```solidity
pragma solidity ^0.8.0;

contract HashTypedDataV4 {
    // ...

    function verifyOrder(
        uint256[] memory order,
        bytes32 signature
    ) public pure returns (bool) {
        // ...
    }

    function _hashTypedDataV4(
        uint256[] memory data,
        bytes32 signature
    ) internal {
        // Use Keccak-256 hash function to store the signed order
        require(data.length >= 20, "Hash Typed Data length is less than 20");
        // keccak256 takes bytes, so the array is ABI-packed first
        bytes32 hashedData = keccak256(abi.encodePacked(data));
        _updateHash(hashedData);
    }

    function _updateHash(bytes32 hashedData) internal {
        // Update the hash value in the contract's storage
        // ...
    }
}
```

Testing and Verification

To test the updated HashTypedDataV4 contract, we can use a tool like Truffle or Remix to deploy the contract on the Ethereum network. When verifying an order using OpenZeppelin EIP-712 implementation, we should expect the hash function to produce an expected signature.

The final code for the resolved HashTypedDataV4 contract is as follows:

```solidity
pragma solidity ^0.8.0;

contract HashTypedDataV4 {
    // ...

    function verifyOrder(
        uint256[] memory order,
        bytes32 signature
    ) public pure returns (bool) {
        // ...
    }

    // ...
}
```
