From 33ea1111b07893bf4f737e1ab0987f138a49a0d7 Mon Sep 17 00:00:00 2001
From: Hadrien Croubois
Date: Thu, 14 Mar 2024 17:27:15 +0100
Subject: [PATCH] Avoid validating ECDSA signatures for addresses with code in SignatureChecker (#4951)
Co-authored-by: ernestognw
---
 .changeset/yellow-moles-hammer.md | 5 +++++
 contracts/utils/cryptography/SignatureChecker.sol | 10 ++++++----
 2 files changed, 11 insertions(+), 4 deletions(-)
 create mode 100644 .changeset/yellow-moles-hammer.md
diff --git a/.changeset/yellow-moles-hammer.md b/.changeset/yellow-moles-hammer.md
new file mode 100644
index 000000000..b13971a28
--- /dev/null
+++ b/.changeset/yellow-moles-hammer.md
@@ -0,0 +1,5 @@
+---
+'openzeppelin-solidity': minor
+---
+
+`SignatureChecker`: refactor `isValidSignatureNow` to avoid validating ECDSA signatures if there is code deployed at the signer's address.
diff --git a/contracts/utils/cryptography/SignatureChecker.sol b/contracts/utils/cryptography/SignatureChecker.sol
index 7eb0fea90..9aaa2e071 100644
--- a/contracts/utils/cryptography/SignatureChecker.sol
+++ b/contracts/utils/cryptography/SignatureChecker.sol
@@ -20,10 +20,12 @@ library SignatureChecker {
 * change through time. It could return true at block N and false at block N+1 (or the opposite).
 */
 function isValidSignatureNow(address signer, bytes32 hash, bytes memory signature) internal view returns (bool) {
- (address recovered, ECDSA.RecoverError error, ) = ECDSA.tryRecover(hash, signature);
- return
- (error == ECDSA.RecoverError.NoError && recovered == signer) ||
- isValidERC1271SignatureNow(signer, hash, signature);
+ if (signer.code.length == 0) {
+ (address recovered, ECDSA.RecoverError err, ) = ECDSA.tryRecover(hash, signature);
+ return err == ECDSA.RecoverError.NoError && recovered == signer;
+ } else {
+ return isValidERC1271SignatureNow(signer, hash, signature);
+ }
 }
 /**
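Review bot: The NatSpec above `isValidSignatureNow` does not appear to be updated by this commit (the 6 insertions and 4 deletions for this file are all in the function body, and the comment starts outside the hunk), so it should be checked against the new dispatch rule. ECDSA recovery now runs only when `signer.code.length == 0`, and an address with code is validated through `isValidERC1271SignatureNow` alone. Integrators need to know this because the verification path for an address switches once code is deployed there, and a contract still under construction reports zero code length and so takes the ECDSA branch. I would add a line such as `* NOTE: if code is deployed at signer, only ERC-1271 validation is attempted; ECDSA recovery is used only for addresses without code.` and a test that pins both branches.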