Merge pull request #1011 from gurukamath/sig-recovery-checks

Add checks to signature recovery
ethereum · Sep 19, 2024 · 10125b1 · 10125b1
2 parents 2bb8498 + 05e7756
commit 10125b1
Show file tree

Hide file tree

Showing 38 changed files with 361 additions and 204 deletions.
diff --git a/src/ethereum/arrow_glacier/fork.py b/src/ethereum/arrow_glacier/fork.py
@@ -16,6 +16,7 @@
 from typing import List, Optional, Set, Tuple, Union
 
 from ethereum.base_types import Bytes0
+from ethereum.crypto import InvalidSignature
 from ethereum.crypto.elliptic_curve import SECP256K1N, secp256k1_recover
 from ethereum.crypto.hash import Hash32, keccak256
 from ethereum.ethash import dataset_size, generate_cache, hashimoto_light
@@ -417,6 +418,7 @@ def check_transaction(
     """
     if tx.gas > gas_available:
         raise InvalidBlock
+
     sender_address = recover_sender(chain_id, tx)
 
     if isinstance(tx, FeeMarketTransaction):
@@ -958,26 +960,29 @@ def recover_sender(chain_id: U64, tx: Transaction) -> Address:
     if 0 >= s or s > SECP256K1N // 2:
         raise InvalidBlock
 
-    if isinstance(tx, LegacyTransaction):
-        v = tx.v
-        if v == 27 or v == 28:
+    try:
+        if isinstance(tx, LegacyTransaction):
+            v = tx.v
+            if v == 27 or v == 28:
+                public_key = secp256k1_recover(
+                    r, s, v - 27, signing_hash_pre155(tx)
+                )
+            else:
+                if v != 35 + chain_id * 2 and v != 36 + chain_id * 2:
+                    raise InvalidBlock
+                public_key = secp256k1_recover(
+                    r, s, v - 35 - chain_id * 2, signing_hash_155(tx, chain_id)
+                )
+        elif isinstance(tx, AccessListTransaction):
             public_key = secp256k1_recover(
-                r, s, v - 27, signing_hash_pre155(tx)
+                r, s, tx.y_parity, signing_hash_2930(tx)
             )
-        else:
-            if v != 35 + chain_id * 2 and v != 36 + chain_id * 2:
-                raise InvalidBlock
+        elif isinstance(tx, FeeMarketTransaction):
             public_key = secp256k1_recover(
-                r, s, v - 35 - chain_id * 2, signing_hash_155(tx, chain_id)
+                r, s, tx.y_parity, signing_hash_1559(tx)
             )
-    elif isinstance(tx, AccessListTransaction):
-        public_key = secp256k1_recover(
-            r, s, tx.y_parity, signing_hash_2930(tx)
-        )
-    elif isinstance(tx, FeeMarketTransaction):
-        public_key = secp256k1_recover(
-            r, s, tx.y_parity, signing_hash_1559(tx)
-        )
+    except InvalidSignature as e:
+        raise InvalidBlock from e
 
     return Address(keccak256(public_key)[12:32])
 

diff --git a/src/ethereum/arrow_glacier/vm/precompiled_contracts/ecrecover.py b/src/ethereum/arrow_glacier/vm/precompiled_contracts/ecrecover.py
@@ -12,6 +12,7 @@
 Implementation of the ECRECOVER precompiled contract.
 """
 from ethereum.base_types import U256
+from ethereum.crypto import InvalidSignature
 from ethereum.crypto.elliptic_curve import SECP256K1N, secp256k1_recover
 from ethereum.crypto.hash import Hash32, keccak256
 from ethereum.utils.byte import left_pad_zero_bytes
@@ -52,7 +53,7 @@ def ecrecover(evm: Evm) -> None:
 
     try:
         public_key = secp256k1_recover(r, s, v - 27, message_hash)
-    except ValueError:
+    except InvalidSignature:
         # unable to extract public key
         return
 

diff --git a/src/ethereum/berlin/fork.py b/src/ethereum/berlin/fork.py
@@ -16,6 +16,7 @@
 from typing import List, Optional, Set, Tuple, Union
 
 from ethereum.base_types import Bytes0
+from ethereum.crypto import InvalidSignature
 from ethereum.crypto.elliptic_curve import SECP256K1N, secp256k1_recover
 from ethereum.crypto.hash import Hash32, keccak256
 from ethereum.ethash import dataset_size, generate_cache, hashimoto_light
@@ -335,6 +336,7 @@ def check_transaction(
     """
     if tx.gas > gas_available:
         raise InvalidBlock
+
     sender_address = recover_sender(chain_id, tx)
 
     return sender_address
@@ -839,22 +841,25 @@ def recover_sender(chain_id: U64, tx: Transaction) -> Address:
     if 0 >= s or s > SECP256K1N // 2:
         raise InvalidBlock
 
-    if isinstance(tx, LegacyTransaction):
-        v = tx.v
-        if v == 27 or v == 28:
+    try:
+        if isinstance(tx, LegacyTransaction):
+            v = tx.v
+            if v == 27 or v == 28:
+                public_key = secp256k1_recover(
+                    r, s, v - 27, signing_hash_pre155(tx)
+                )
+            else:
+                if v != 35 + chain_id * 2 and v != 36 + chain_id * 2:
+                    raise InvalidBlock
+                public_key = secp256k1_recover(
+                    r, s, v - 35 - chain_id * 2, signing_hash_155(tx, chain_id)
+                )
+        elif isinstance(tx, AccessListTransaction):
             public_key = secp256k1_recover(
-                r, s, v - 27, signing_hash_pre155(tx)
+                r, s, tx.y_parity, signing_hash_2930(tx)
             )
-        else:
-            if v != 35 + chain_id * 2 and v != 36 + chain_id * 2:
-                raise InvalidBlock
-            public_key = secp256k1_recover(
-                r, s, v - 35 - chain_id * 2, signing_hash_155(tx, chain_id)
-            )
-    elif isinstance(tx, AccessListTransaction):
-        public_key = secp256k1_recover(
-            r, s, tx.y_parity, signing_hash_2930(tx)
-        )
+    except InvalidSignature as e:
+        raise InvalidBlock from e
 
     return Address(keccak256(public_key)[12:32])
 

diff --git a/src/ethereum/berlin/vm/precompiled_contracts/ecrecover.py b/src/ethereum/berlin/vm/precompiled_contracts/ecrecover.py
@@ -12,6 +12,7 @@
 Implementation of the ECRECOVER precompiled contract.
 """
 from ethereum.base_types import U256
+from ethereum.crypto import InvalidSignature
 from ethereum.crypto.elliptic_curve import SECP256K1N, secp256k1_recover
 from ethereum.crypto.hash import Hash32, keccak256
 from ethereum.utils.byte import left_pad_zero_bytes
@@ -52,7 +53,7 @@ def ecrecover(evm: Evm) -> None:
 
     try:
         public_key = secp256k1_recover(r, s, v - 27, message_hash)
-    except ValueError:
+    except InvalidSignature:
         # unable to extract public key
         return
 

diff --git a/src/ethereum/byzantium/fork.py b/src/ethereum/byzantium/fork.py
@@ -16,6 +16,7 @@
 from typing import List, Optional, Set, Tuple
 
 from ethereum.base_types import Bytes0
+from ethereum.crypto import InvalidSignature
 from ethereum.crypto.elliptic_curve import SECP256K1N, secp256k1_recover
 from ethereum.crypto.hash import Hash32, keccak256
 from ethereum.ethash import dataset_size, generate_cache, hashimoto_light
@@ -329,6 +330,7 @@ def check_transaction(
     """
     if tx.gas > gas_available:
         raise InvalidBlock
+
     sender_address = recover_sender(chain_id, tx)
 
     return sender_address
@@ -811,14 +813,20 @@ def recover_sender(chain_id: U64, tx: Transaction) -> Address:
     if 0 >= s or s > SECP256K1N // 2:
         raise InvalidBlock
 
-    if v == 27 or v == 28:
-        public_key = secp256k1_recover(r, s, v - 27, signing_hash_pre155(tx))
-    else:
-        if v != 35 + chain_id * 2 and v != 36 + chain_id * 2:
-            raise InvalidBlock
-        public_key = secp256k1_recover(
-            r, s, v - 35 - chain_id * 2, signing_hash_155(tx, chain_id)
-        )
+    try:
+        if v == 27 or v == 28:
+            public_key = secp256k1_recover(
+                r, s, v - 27, signing_hash_pre155(tx)
+            )
+        else:
+            if v != 35 + chain_id * 2 and v != 36 + chain_id * 2:
+                raise InvalidBlock
+            public_key = secp256k1_recover(
+                r, s, v - 35 - chain_id * 2, signing_hash_155(tx, chain_id)
+            )
+    except InvalidSignature as e:
+        raise InvalidBlock from e
+
     return Address(keccak256(public_key)[12:32])
 
 

diff --git a/src/ethereum/byzantium/vm/precompiled_contracts/ecrecover.py b/src/ethereum/byzantium/vm/precompiled_contracts/ecrecover.py
@@ -12,6 +12,7 @@
 Implementation of the ECRECOVER precompiled contract.
 """
 from ethereum.base_types import U256
+from ethereum.crypto import InvalidSignature
 from ethereum.crypto.elliptic_curve import SECP256K1N, secp256k1_recover
 from ethereum.crypto.hash import Hash32, keccak256
 from ethereum.utils.byte import left_pad_zero_bytes
@@ -52,7 +53,7 @@ def ecrecover(evm: Evm) -> None:
 
     try:
         public_key = secp256k1_recover(r, s, v - 27, message_hash)
-    except ValueError:
+    except InvalidSignature:
         # unable to extract public key
         return
 

diff --git a/src/ethereum/cancun/fork.py b/src/ethereum/cancun/fork.py
@@ -16,6 +16,7 @@
 from typing import List, Optional, Tuple, Union
 
 from ethereum.base_types import Bytes0, Bytes32
+from ethereum.crypto import InvalidSignature
 from ethereum.crypto.elliptic_curve import SECP256K1N, secp256k1_recover
 from ethereum.crypto.hash import Hash32, keccak256
 from ethereum.exceptions import InvalidBlock
@@ -383,8 +384,9 @@ def check_transaction(
     if tx.gas > gas_available:
         raise InvalidBlock
 
-    sender = recover_sender(chain_id, tx)
-    sender_account = get_account(state, sender)
+    sender_address = recover_sender(chain_id, tx)
+
+    sender_account = get_account(state, sender_address)
 
     if isinstance(tx, (FeeMarketTransaction, BlobTransaction)):
         if tx.max_fee_per_gas < tx.max_priority_fee_per_gas:
@@ -427,7 +429,7 @@ def check_transaction(
     if sender_account.code != bytearray():
         raise InvalidBlock
 
-    return sender, effective_gas_price, blob_versioned_hashes
+    return sender_address, effective_gas_price, blob_versioned_hashes
 
 
 def make_receipt(
@@ -953,30 +955,33 @@ def recover_sender(chain_id: U64, tx: Transaction) -> Address:
     if 0 >= s or s > SECP256K1N // 2:
         raise InvalidBlock
 
-    if isinstance(tx, LegacyTransaction):
-        v = tx.v
-        if v == 27 or v == 28:
+    try:
+        if isinstance(tx, LegacyTransaction):
+            v = tx.v
+            if v == 27 or v == 28:
+                public_key = secp256k1_recover(
+                    r, s, v - 27, signing_hash_pre155(tx)
+                )
+            else:
+                if v != 35 + chain_id * 2 and v != 36 + chain_id * 2:
+                    raise InvalidBlock
+                public_key = secp256k1_recover(
+                    r, s, v - 35 - chain_id * 2, signing_hash_155(tx, chain_id)
+                )
+        elif isinstance(tx, AccessListTransaction):
             public_key = secp256k1_recover(
-                r, s, v - 27, signing_hash_pre155(tx)
+                r, s, tx.y_parity, signing_hash_2930(tx)
             )
-        else:
-            if v != 35 + chain_id * 2 and v != 36 + chain_id * 2:
-                raise InvalidBlock
+        elif isinstance(tx, FeeMarketTransaction):
             public_key = secp256k1_recover(
-                r, s, v - 35 - chain_id * 2, signing_hash_155(tx, chain_id)
+                r, s, tx.y_parity, signing_hash_1559(tx)
             )
-    elif isinstance(tx, AccessListTransaction):
-        public_key = secp256k1_recover(
-            r, s, tx.y_parity, signing_hash_2930(tx)
-        )
-    elif isinstance(tx, FeeMarketTransaction):
-        public_key = secp256k1_recover(
-            r, s, tx.y_parity, signing_hash_1559(tx)
-        )
-    elif isinstance(tx, BlobTransaction):
-        public_key = secp256k1_recover(
-            r, s, tx.y_parity, signing_hash_4844(tx)
-        )
+        elif isinstance(tx, BlobTransaction):
+            public_key = secp256k1_recover(
+                r, s, tx.y_parity, signing_hash_4844(tx)
+            )
+    except InvalidSignature as e:
+        raise InvalidBlock from e
 
     return Address(keccak256(public_key)[12:32])
 

diff --git a/src/ethereum/cancun/vm/precompiled_contracts/ecrecover.py b/src/ethereum/cancun/vm/precompiled_contracts/ecrecover.py
@@ -12,6 +12,7 @@
 Implementation of the ECRECOVER precompiled contract.
 """
 from ethereum.base_types import U256
+from ethereum.crypto import InvalidSignature
 from ethereum.crypto.elliptic_curve import SECP256K1N, secp256k1_recover
 from ethereum.crypto.hash import Hash32, keccak256
 from ethereum.utils.byte import left_pad_zero_bytes
@@ -52,7 +53,7 @@ def ecrecover(evm: Evm) -> None:
 
     try:
         public_key = secp256k1_recover(r, s, v - 27, message_hash)
-    except ValueError:
+    except InvalidSignature:
         # unable to extract public key
         return
 

diff --git a/src/ethereum/constantinople/fork.py b/src/ethereum/constantinople/fork.py
@@ -16,6 +16,7 @@
 from typing import List, Optional, Set, Tuple
 
 from ethereum.base_types import Bytes0
+from ethereum.crypto import InvalidSignature
 from ethereum.crypto.elliptic_curve import SECP256K1N, secp256k1_recover
 from ethereum.crypto.hash import Hash32, keccak256
 from ethereum.ethash import dataset_size, generate_cache, hashimoto_light
@@ -329,6 +330,7 @@ def check_transaction(
     """
     if tx.gas > gas_available:
         raise InvalidBlock
+
     sender_address = recover_sender(chain_id, tx)
 
     return sender_address
@@ -811,14 +813,20 @@ def recover_sender(chain_id: U64, tx: Transaction) -> Address:
     if 0 >= s or s > SECP256K1N // 2:
         raise InvalidBlock
 
-    if v == 27 or v == 28:
-        public_key = secp256k1_recover(r, s, v - 27, signing_hash_pre155(tx))
-    else:
-        if v != 35 + chain_id * 2 and v != 36 + chain_id * 2:
-            raise InvalidBlock
-        public_key = secp256k1_recover(
-            r, s, v - 35 - chain_id * 2, signing_hash_155(tx, chain_id)
-        )
+    try:
+        if v == 27 or v == 28:
+            public_key = secp256k1_recover(
+                r, s, v - 27, signing_hash_pre155(tx)
+            )
+        else:
+            if v != 35 + chain_id * 2 and v != 36 + chain_id * 2:
+                raise InvalidBlock
+            public_key = secp256k1_recover(
+                r, s, v - 35 - chain_id * 2, signing_hash_155(tx, chain_id)
+            )
+    except InvalidSignature as e:
+        raise InvalidBlock from e
+
     return Address(keccak256(public_key)[12:32])
 
 

diff --git a/src/ethereum/constantinople/vm/precompiled_contracts/ecrecover.py b/src/ethereum/constantinople/vm/precompiled_contracts/ecrecover.py
@@ -12,6 +12,7 @@
 Implementation of the ECRECOVER precompiled contract.
 """
 from ethereum.base_types import U256
+from ethereum.crypto import InvalidSignature
 from ethereum.crypto.elliptic_curve import SECP256K1N, secp256k1_recover
 from ethereum.crypto.hash import Hash32, keccak256
 from ethereum.utils.byte import left_pad_zero_bytes
@@ -52,7 +53,7 @@ def ecrecover(evm: Evm) -> None:
 
     try:
         public_key = secp256k1_recover(r, s, v - 27, message_hash)
-    except ValueError:
+    except InvalidSignature:
         # unable to extract public key
         return
 

diff --git a/src/ethereum/crypto/__init__.py b/src/ethereum/crypto/__init__.py
@@ -1,3 +1,11 @@
 """
 Cryptographic primitives used in Ethereum.
 """
+
+
+class InvalidSignature(Exception):
+    """
+    Thrown when a signature is invalid.
+    """
+
+    pass