aion_web3 icon indicating copy to clipboard operation
aion_web3 copied to clipboard

Published 20 hours ago verified publisher icon aionnetwork

ecrecover implementation issue

Open vaishnavipanchal23 opened this issue 6 years ago • 1 comments

Web3 version: aion-web3 v1.2.6-beta.0

Implementation issue of recover function https://github.com/aionnetwork/aion_web3/blob/v1.1/packages/web3-eth-accounts/src/index.js#L316

Current implementation: Returns the address by retrieving the public key from first 32 bytes of the signature. This ignores the signature verification completely.

Expected implementation: Return the address of the signer only if the signature is verified for the given message.

Note: Also, this function name should be edverify.

vaishnavipanchal23 avatar Oct 29 '19 21:10 vaishnavipanchal23

Two things

  1. Confirm the claim that there is a missing implementation for ecrecover.

  2. For web3 implementation, ecrecover has been used in the context of secp256k1 curve and must be separated from edverify for ed25519 signature verification which is primarily used by Aion.

rakeshgohel01 avatar Nov 01 '19 08:11 rakeshgohel01