Documentation of ecrecover #681
Comments
|
For now, take a look at this. Hopefully it'll tide you over until I can properly document this. |
|
@VoR0220, do you think this should be explicitly stated in these docs or is a quick link to the web3 docs sufficient? |
|
It does not hurt to mention it explicitly. |
|
Also either mention or fix the "invalid input" bug for ecrecover. |
|
@chriseth, what is this "invalid input" bug? |
|
Perhaps including (a link to) https://gist.github.com/axic/5b33912c6f61ae6fd96d6c4a47afde6d could be useful. |
|
I wish the code @axic posted was part of the standard library. Without it ecrecover is pretty useless to the normal developer. |
|
when i use the function ecrecover in solidity, there is something wrong , which i can not get the right result? |
|
There is a wrong answer when I use ecrecover,the address always be different.but when I use personal_ecRecover,it's right. Is there something different between those two method? I have try those method upstair,web3.eth.sign has the same result with personal.sign.but can't pass solidity ecrecover method too. |
|
Hello, apologies if this is not the correct place to comment on this (and please direct me elsewhere if necessary), but I am having the same issue - following all the examples, including the one linked to from here #2151 , I am unable to get ecrecover to work as documented (i.e. it does not return the signing address). I have posted a more detailed question here https://ethereum.stackexchange.com/questions/15364/totally-baffled-by-ecrecover with details of what I am doing. Can anyone explain what may be wrong? |
EIP-681: Payment request URL specification
|
I'm not sure how much detail we would like to mention here. We should mention that a return value of zero means "invalid input" and that the ecrecover builtin still has the "high s" issue, i.e. you can take an existing signature and modify both v and s (IIRC) in a certain way, to get a different but equally valid signature. |
|
@chriseth I'm also not very sure of the level of detail here. I can find a lot of questions, but I'm also not sure how many still apply. e.g. https://ethereum.stackexchange.com/questions/15364/ecrecover-from-geth-and-web3-eth-sign Also because we bump into the issue of Solidity being part of a toolchain again, most of the examples to show how to use @gumb0 had no recollection of the "high s" issue still existing, and neither of us can find any reference to it either. |
|
"high s" still not documented. |
|
@chriseth My comment from the last time we spoke about this remains. There are no search results for "high s", and no one else I spoke to at EF knew what was meant by it. So I am happy to document, but need a little guidance. |
|
Openzeppelin are about to fix it in the helper library: OpenZeppelin/openzeppelin-contracts#1622 We should say something along the lines of "if you use the low-level ecrecover function, be aware that a valid signature can be turned into a different valid signature without requiring knowledge of the corresponding private key. This is usually not a problem unless if you require signatures to be unique or use them to identify items." |
|
Does this help @leonardoalt and @chriseth ? And I wonder if we should hold off on merging until that OZ PR is merged? As I'm not sure this doc is true until that point? |
|
(copying from a comment on the PR): the "high s" problem, and why the ecrecover precompile behavior was left unchanged when high s became invalid for transactions, is discussed in the Homestead EIP http://eips.ethereum.org/EIPS/eip-2. |
It would be nice if the documentation would explain the parameters and maybe give an example on how you would use this function.
http://solidity.readthedocs.io/en/latest/units-and-global-variables.html#mathematical-and-cryptographic-functions
The text was updated successfully, but these errors were encountered: