From 9fc5fbf42fc3282857a2f051e9fb98b16832629f Mon Sep 17 00:00:00 2001 From: lightclient Date: Wed, 20 Dec 2023 15:14:09 -0700 Subject: [PATCH] 3074: add nonce to auth msg to provide revocation --- EIPS/eip-3074.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/EIPS/eip-3074.md b/EIPS/eip-3074.md index 8011a67feb1bc..2a0e2f9170a7d 100644 --- a/EIPS/eip-3074.md +++ b/EIPS/eip-3074.md 
@@ -92,10 +92,11 @@ If `length` is greater than 97, the extra bytes are ignored for signature verifi `authority` is the address of the account which generated the signature. -The arguments (`yParity`, `r`, `s`) are interpreted as an ECDSA signature on the secp256k1 curve over the message `keccak256(MAGIC || chainId || paddedInvokerAddress || commit)`, where: +The arguments (`yParity`, `r`, `s`) are interpreted as an ECDSA signature on the secp256k1 curve over the message `keccak256(MAGIC || chainId || nonce || invokerAddress || commit)`, where: - `chainId` is the current chain's [EIP-155](./eip-155.md) unique identifier padded to 32 bytes. - - `paddedInvokerAddress` is the address of the contract executing `AUTH` (or the active state address in the context of `CALLCODE` or `DELEGATECALL`), left-padded with zeroes to a total of 32 bytes (ex. `0x000000000000000000000000AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA`). + - `nonce` is the signer's nonce after which the message will be considered invalid, left-padded to 32 bytes. + - `invokerAddress` is the address of the contract executing `AUTH` (or the active state address in the context of `CALLCODE` or `DELEGATECALL`), left-padded with zeroes to a total of 32 bytes (ex. `0x000000000000000000000000AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA`). - `commit`, one of the arguments passed into `AUTH`, is a 32-byte value that can be used to commit to specific additional validity conditions in the invoker's pre-processing logic (e.g. a nonce for replay protection). Signature validity and signer recovery is handled analogously to transaction signatures, including the stricter `s` range for preventing ECDSA malleability. Note that `yParity` is expected to be `0` or `1`. 
@@ -109,7 +110,8 @@ If the signature is valid and the signer address is equal to `authority`, the co The gas cost for `AUTH` is equal to the sum of: - fixed fee `3100`. - - memory expansion gas cost (`auth_memory_expansion_fee`) + - memory expansion gas cost (`auth_memory_expansion_fee`). + - `100` if `authority` is warm, `2600` if it is cold (per [EIP-2929](./eip-2929.md)). The fixed fee is equal to the cost for the `ecrecover` precompile, plus a bit extra to cover a keccak256 hash and some additional logic.
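Review bot: in the first hunk (`@@ -92,10 +92,11 @@`), the new `nonce` bullet does not say where `AUTH` gets the value or what comparison it performs. "the signer's nonce after which the message will be considered invalid" can be read as an exact match against `authority`'s current account nonce or as an upper bound, and the two give different revocation behaviour. The context line still ignores bytes beyond 97, so the input layout appears unchanged and the nonce is presumably not an argument. Suggest stating that it is read from `authority`'s account state when `AUTH` executes, giving the exact condition, and giving the result when the condition fails. The unchanged `commit` bullet still uses "a nonce for replay protection" as its example, which now sits beside a different nonce in the same signed message; rewording one of the two would avoid confusion.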
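Review bot: in the second hunk (`@@ -109,7 +110,8 @@`), the new `100`/`2600` item prices the access by whether `authority` is warm or cold, but does not say whether `AUTH` then adds `authority` to the EIP-2929 accessed addresses set. It also does not say whether the charge applies when signature verification fails. Suggest stating both. The paragraph that follows only justifies the fixed fee ("the cost for the `ecrecover` precompile, plus a bit extra"), so a sentence tying the new charge to the account access behind the `nonce` in the signed message would document why it exists.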