openzeppelin-contracts icon indicating copy to clipboard operation
openzeppelin-contracts copied to clipboard

Published 20 hours ago verified publisher icon OpenZeppelin

Make `permit` compatible with smart-contract wallets like Gnosis and Argent

Open juniset opened this issue 3 years ago • 4 comments

Motivation

Make the permit method compatible with smart-contract wallets that implement EIP1271, and make smart-contract wallets compatible with dapp flows that leverage the permit method (e.g. via WalletConnect).

Requested change

Replace ECDSA.recover by SignatureChecker. isValidSignatureNow in https://github.com/OpenZeppelin/openzeppelin-contracts/blob/aefcb3e8aa4ee8da8e2b7022ffe4dcb57fbb0fdf/contracts/token/ERC20/extensions/draft-ERC20Permit.sol#L55 .

juniset avatar Sep 02 '21 11:09 juniset

Thank you @juniset for raising this issue.

It is technically possible, and I would even say easy, to fix this issue for ERC20Permit.

One should note that ERC20Votes (our implementation of the Comp voting token) and Governor (base one Compound's Governor's ABI) do use ECDSA.recover in a context where the user address is unknown (recovered by ecdsa). This means that there will still be part of our code where we cannot unfortunately use SignatureChecker.isValidSignatureNow.

  • ERC20.delegateBySig
  • Governor.castVoteBySig

Amxx avatar Sep 02 '21 12:09 Amxx

We really want to do this, but the current text of EIP-2612 is very explicit that the permit is an ECDSA signature by the token owner address:

  • r, s and v is a valid secp256k1 signature from owner of the message [...]

So we don't feel comfortable making this change unilaterally, and the EIP is still in Draft so there is an opportunity to make this change directly in the spec. The fact that it is backwards compatible makes me hopeful that it should be accepted without much pushback.

We think the best course of action is to propose a pull request in ethereum/EIPs with the required change to EIP-2612. @juniset What do you think?

frangio avatar Sep 02 '21 18:09 frangio

@frangio I agree that the spec of EIP-2612 should be clarified to include EIP-1271 signatures as being valid. I had raised that issue a while ago (https://github.com/ethereum/EIPs/issues/2613#issuecomment-712663371) and mentioned it again today.

However, one could argue that using SigantureChecker instead of ECDSA in your implementation today is compliant with the specification since a EIP-1721 signature is a valid secp256k1 signature from the owner of the message when the owner is a smart-contract, i.e. it depends of your definition of "valid".

Adding it today would also give a signal to the supporters of EIP-2612 and encourage them to clarify the definition of a valid signature.

juniset avatar Sep 13 '21 09:09 juniset

@juniset Just to clarify I meant opening a pull request directly with the change ready to be accepted by the authors of the EIP. I think this will be a more sure way to get it accepted.

frangio avatar Sep 14 '21 02:09 frangio