Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update EIP-3074: add nonce to auth msg to provide revocation #8050

Merged
merged 1 commit into from
Dec 27, 2023
Merged

Update EIP-3074: add nonce to auth msg to provide revocation #8050

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 5 additions & 3 deletions EIPS/eip-3074.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -92,10 +92,11 @@ If `length` is greater than 97, the extra bytes are ignored for signature verifi

`authority` is the address of the account which generated the signature.

The arguments (`yParity`, `r`, `s`) are interpreted as an ECDSA signature on the secp256k1 curve over the message `keccak256(MAGIC || chainId || paddedInvokerAddress || commit)`, where:
The arguments (`yParity`, `r`, `s`) are interpreted as an ECDSA signature on the secp256k1 curve over the message `keccak256(MAGIC || chainId || nonce || invokerAddress || commit)`, where:

- `chainId` is the current chain's [EIP-155](./eip-155.md) unique identifier padded to 32 bytes.
- `paddedInvokerAddress` is the address of the contract executing `AUTH` (or the active state address in the context of `CALLCODE` or `DELEGATECALL`), left-padded with zeroes to a total of 32 bytes (ex. `0x000000000000000000000000AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA`).
- `nonce` is the signer's nonce after which the message will be considered invalid, left-padded to 32 bytes.
- `invokerAddress` is the address of the contract executing `AUTH` (or the active state address in the context of `CALLCODE` or `DELEGATECALL`), left-padded with zeroes to a total of 32 bytes (ex. `0x000000000000000000000000AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA`).
- `commit`, one of the arguments passed into `AUTH`, is a 32-byte value that can be used to commit to specific additional validity conditions in the invoker's pre-processing logic (e.g. a nonce for replay protection).

Signature validity and signer recovery is handled analogously to transaction signatures, including the stricter `s` range for preventing ECDSA malleability. Note that `yParity` is expected to be `0` or `1`.
Expand All @@ -109,7 +110,8 @@ If the signature is valid and the signer address is equal to `authority`, the co
The gas cost for `AUTH` is equal to the sum of:

- fixed fee `3100`.
- memory expansion gas cost (`auth_memory_expansion_fee`)
- memory expansion gas cost (`auth_memory_expansion_fee`).
- `100` if `authority` is warm, `2600` if it is cold (per [EIP-2929](./eip-2929.md)).

The fixed fee is equal to the cost for the `ecrecover` precompile, plus a bit extra to cover a keccak256 hash and some additional logic.

Expand Down