NoBey/openzeppelin-contracts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
79dd498b16b957399f84b9aa7e720f98f9eb83e3
openzeppelin-contracts/contracts/drafts/SignatureBouncer.sol
nikeshnazareth 0dded493a0 Nonfunctional typos #1643 (#1652) 
* Add IntelliJ IDE config to .gitignore

* Fix variable name in ERC20 function comments

* Fix typos in Arrays function comment

* Fix typos in ownership test names

* Fix typo in Pausable test name

* Fix grammar in Ownable function comment

* Fix grammar in Crowdsale contract comment

* Fix typo in Counters contract comment

* Fix typo in ERC721Enumerable comment

* Fix typo in ERC721PausedToken test name

* Fix typo in Crowdsale function comment

* Fix typo in IncreasingPriceCrowdsale function comment

* Fix grammar in IncreasingPriceCrowdsale test name

* Fix typo in AllowanceCrowdsale test name

* Fix typo in RefundEscrow function comment

* Fix typo in ERC20Migrator contract comment

* Fix typos in SignatureBouncer comments

* Fix typo in SignedSafeMath test name

* Fix typo in TokenVesting contract comment

* Move Ownable comment from @notice section to @dev

The Ownable contract has a comment explaining that renouncing
ownership will prevent execution of functions with the onlyOwner
modifier.

This commit moves that comment to the @dev section and replaces it
with a description suitable for a generic user.

* Clarify purpose of ERC20 transfer function

* Clarify registration of ERC721Enumerable interface

* Clarify purpose of AllowanceCrowdsale test

* Increase specificity of inheritance comments

FinalizableCrowdsale and RefundableCrowsale both have comments
indicating that they are extensions of the Crowdsale contract.

This commit refines those comments to the most immediate ancestor
( TimedCrowdsale and RefundableCrowdsale respectively )

* Remove unused parameter in PaymentSplitter test

* Rename parameter in SignatureBouncer functions

The SignatureBouncer contract has modifiers to validate the
message sender is authorised to perform an action. They pass
msg.sender to internal functions as the variable `account`, but
the function comments refer to the variable as `sender`

This commit changes the variable name to `sender`

* Clarify comments in SignatureBouncer functions

The SignatureBouncer has comments that use the description
`sender` to refer to the variable `account`.

This commit updates the comments for consistency.

Maintainer Note: this reverts changes in the previous commit,
which renamed the variable `account` instead.
2019-02-28 11:46:13 -03:00

121 lines
4.9 KiB
Solidity
Raw Blame History

pragma solidity ^0.5.2;
import "../access/roles/SignerRole.sol";
import "../cryptography/ECDSA.sol";
/**
* @title SignatureBouncer
* @author PhABC, Shrugs and aflesher
* @dev SignatureBouncer allows users to submit a signature as a permission to
* do an action.
* If the signature is from one of the authorized signer addresses, the
* signature is valid.
* Note that SignatureBouncer offers no protection against replay attacks, users
* must add this themselves!
*
* Signer addresses can be individual servers signing grants or different
* users within a decentralized club that have permission to invite other
* members. This technique is useful for whitelists and airdrops; instead of
* putting all valid addresses on-chain, simply sign a grant of the form
* keccak256(abi.encodePacked(`:contractAddress` + `:granteeAddress`)) using a
* valid signer address.
* Then restrict access to your crowdsale/whitelist/airdrop using the
* `onlyValidSignature` modifier (or implement your own using _isValidSignature).
* In addition to `onlyValidSignature`, `onlyValidSignatureAndMethod` and
* `onlyValidSignatureAndData` can be used to restrict access to only a given
* method or a given method with given parameters respectively.
* See the tests in SignatureBouncer.test.js for specific usage examples.
*
* @notice A method that uses the `onlyValidSignatureAndData` modifier must make
* the _signature parameter the "last" parameter. You cannot sign a message that
* has its own signature in it so the last 128 bytes of msg.data (which
* represents the length of the _signature data and the _signature data itself)
* is ignored when validating. Also non fixed sized parameters make constructing
* the data in the signature much more complex.
* See https://ethereum.stackexchange.com/a/50616 for more details.
*/
contract SignatureBouncer is SignerRole {
using ECDSA for bytes32;
// Function selectors are 4 bytes long, as documented in
// https://solidity.readthedocs.io/en/v0.4.24/abi-spec.html#function-selector
uint256 private constant _METHOD_ID_SIZE = 4;
// Signature size is 65 bytes (tightly packed v + r + s), but gets padded to 96 bytes
uint256 private constant _SIGNATURE_SIZE = 96;
constructor () internal {
// solhint-disable-previous-line no-empty-blocks
}
/**
* @dev requires that a valid signature of a signer was provided
*/
modifier onlyValidSignature(bytes memory signature) {
require(_isValidSignature(msg.sender, signature));
_;
}
/**
* @dev requires that a valid signature with a specified method of a signer was provided
*/
modifier onlyValidSignatureAndMethod(bytes memory signature) {
require(_isValidSignatureAndMethod(msg.sender, signature));
_;
}
/**
* @dev requires that a valid signature with a specified method and params of a signer was provided
*/
modifier onlyValidSignatureAndData(bytes memory signature) {
require(_isValidSignatureAndData(msg.sender, signature));
_;
}
/**
* @dev is the signature of `this + account` from a signer?
* @return bool
*/
function _isValidSignature(address account, bytes memory signature) internal view returns (bool) {
return _isValidDataHash(keccak256(abi.encodePacked(address(this), account)), signature);
}
/**
* @dev is the signature of `this + account + methodId` from a signer?
* @return bool
*/
function _isValidSignatureAndMethod(address account, bytes memory signature) internal view returns (bool) {
bytes memory data = new bytes(_METHOD_ID_SIZE);
for (uint i = 0; i < data.length; i++) {
data[i] = msg.data[i];
}
return _isValidDataHash(keccak256(abi.encodePacked(address(this), account, data)), signature);
}
/**
* @dev is the signature of `this + account + methodId + params(s)` from a signer?
* @notice the signature parameter of the method being validated must be the "last" parameter
* @return bool
*/
function _isValidSignatureAndData(address account, bytes memory signature) internal view returns (bool) {
require(msg.data.length > _SIGNATURE_SIZE);
bytes memory data = new bytes(msg.data.length - _SIGNATURE_SIZE);
for (uint i = 0; i < data.length; i++) {
data[i] = msg.data[i];
}
return _isValidDataHash(keccak256(abi.encodePacked(address(this), account, data)), signature);
}
/**
* @dev internal function to convert a hash to an eth signed message
* and then recover the signature and check it against the signer role
* @return bool
*/
function _isValidDataHash(bytes32 hash, bytes memory signature) internal view returns (bool) {
address signer = hash.toEthSignedMessageHash().recover(signature);
return signer != address(0) && isSigner(signer);
}
}
Reference in New Issue View Git Blame Copy Permalink