0x-relayer-registry

Add feeRecipient or taker signature to prove ownership

Open BMillman19 opened this issue 7 years ago • 6 comments

BMillman19 Apr 10 '18 17:04

what about in cases where these addresses are smart contracts?

BMillman19 Apr 20 '18 20:04

Can probably just sign with the address that deployed the fee_recipient contract, no?

tomhschmidt Apr 20 '18 20:04

hm.. I guess so, but the deployer is not always the "owner" of the contract, for example, a fee-splitting contract that has some voting mechanism to select fee receivers that initially disburses fees to some set of addresses including the deployer but over time votes the deploying address out.

BMillman19 Apr 22 '18 14:04

I like this idea.

fabioberger Apr 23 '18 01:04

OpenRelay uses a contract factory to deploy our affiliate contracts. The fee recipients are contracts, and thus have no keys with which to sign messages, and they were deployed by a contract, so it has no keys with which to sign messages.

We don't consider affiliate addresses to be "our" addresses (our affiliates are welcome to report them as their own), but if there were a signature element it would need to go back to whoever submitted the transaction to create the contract, even though the contract was actually created via a contract call.

We have attempted to address this by adding a "relayerName" property to our affiliate contracts, so people can look them up easily even if they're not here.

AusIV Sep 10 '18 22:09

Yeah, that's a fair point -- this is partially why we added the endpoint for fee recipient addresses in SRA V2. The information in this repo is intended to be helpful, not critical, and I don't really see potential fund loss or vulnerabilities coming from an attack here.

tomhschmidt Sep 13 '18 12:09