solmate icon indicating copy to clipboard operation
solmate copied to clipboard
verified publisher icon transmissions11

✨ ECDSA Wrapper

Open Vectorized opened this issue 3 years ago • 7 comments

Description

For #244.

Using this can save about 700 gas over OpenZeppelin's implementation.

Tests are ported over from OpenZeppelin.
https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/test/utils/cryptography/ECDSA.test.js

Although I recommend that toEthSignedMessageHash(bytes32 hash) be used for efficiency reasons, I've included the toEthSignedMessageHash(bytes memory s) function for completeness. If you want to remove the latter, let me know.

Due to the use of staticcall and gas() to call ecrecover in assembly,
the recover function has to be marked as view instead of pure.

If you know how to force the compiler to accept the function as pure, let me know.

Checklist

Ensure you completed all of the steps below before submitting your pull request:

  • [x] Ran forge snapshot?
  • [x] Ran npm run lint?
  • [x] Ran forge test?

Pull requests with an incomplete checklist will be thrown out.

Vectorized avatar May 21 '22 08:05 Vectorized

Ok, let it marinate for a day or few.

Vectorized avatar May 21 '22 13:05 Vectorized

@Vectorized I wanted you make you aware of a recent finding (h/t to @axic).

All client implementations of the precompile ecrecover (address 0x01) apparently check if the value v is 27 or 28. The references for the different client implementations can be found in the already merged Yellow Paper PR #860. There are however as well good reasons to keep the checks: https://github.com/OpenZeppelin/openzeppelin-contracts/issues/3457#issuecomment-1149847041. Nonetheless, checking a condition twice (library & pre-compile implementation) is still not right IMHO.

image

pcaversaccio avatar Jun 09 '22 07:06 pcaversaccio

@pcaversaccio I have already removed the check and rearranged some opcodes for lesser stack operations. ;)

https://github.com/Rari-Capital/solmate/pull/247/commits/e8aaa05958625d05a8180683c1f02f9a6e319b8c

I also knew that the precompile had the checks all along lol 😂 But kept the check back then cuz it made the invalid signature case much cheaper (by 3k gas).

Glad that the provocative PR inspired a yellowpaper clarification.

But the tweets made me rethink it’s better to optimize for the happy case for this PR (since we aren’t reverting here).

Vectorized avatar Jun 09 '22 07:06 Vectorized

@Vectorized I just saw your recent commit. I looked at it yesterday and quickly chatted with @transmissions11 first and then came back today to raise it without checking for new commits. Yeah agreed on the happy case :-D - I mean who doesn't want to optimise for the happy case lol

pcaversaccio avatar Jun 09 '22 08:06 pcaversaccio

@1kresh If you can't wait use this first: https://github.com/Vectorized/solady

Vectorized avatar Jul 29 '22 00:07 Vectorized

Is it still planned to get this merged?

pcaversaccio avatar Apr 21 '23 10:04 pcaversaccio

Any reason this PR doesn't seem to be getting merged?

Czar102 avatar Jul 04 '24 16:07 Czar102