@whalelephant
Last active April 26, 2023 07:53
CW contract signature validation

CW contract signature

Smart contracts (multisigs, smart contract wallets) cannot produce valid signatures under a signature scheme. This is a limitation, because an EOA (externally owned account)

  • has a clear signature-client interface for signing arbitrary (or standard login) messages
  • can provide a signature that is verifiable in contracts, such as for gas provision in smart contract wallets

This is similar to the isValidSignature standard in Ethereum.

use cosmwasm_std::{Binary, Deps, StdResult};
use cw_storage_plus::Map;

// Example function interface
// This creates the hash of the message and checks the state to see if the hash has been added to the state.
// `deps` gives read access to contract storage, where the hash is looked up.
// `signature` can be empty for contract signatures and is only there to be compatible with EOA signatures.
pub fn is_valid_signature(deps: Deps, msg: Binary, signature: Binary) -> StdResult<bool> {
    unimplemented!() // interface only; an implementation is given in the comments below
}

// Example state in the implementing contract
// Map of hash(msg) to validation state:
// - true: valid signed
// - false: signed but revoked
pub const SIGNATURES: Map<&[u8], bool> = Map::new("signatures");
@TrevorJTClarke

Can you give an example?
Most important case is a multisig, I'd bet.

@whalelephant
Author

For contract <> contract, multisig is one, or just programs that do authorisation implemented as smart contracts.

@TrevorJTClarke

Ah, I guess I meant an example of the signature. Idea being - would the signature encapsulate the multisig signatures or be a separate "contract account" signature? If so, how would a signature help if keys owning a contract can rotate frequently? Seems like the signatures would need to at some point in the chain require another owner piece OR just utilize auth grants.

@whalelephant
Author

Sorry I misunderstood what you meant before.

There is no need to capture actual cryptographic signatures, because the message hash to be signed is stored in a state in the contract.
We can invalidate the stored "signed" message in the case of rotation, but that is the decision of the contract.

Let's use an example of a multisig cw3 type contract.
There will be a state SIGNATURES in the contract.
The signers can propose to "store the hash of a message in the SIGNATURES state", which, when passed and executed, makes the is_valid_signature method return true for a certain message.

use cosmwasm_std::{Binary, Deps, StdResult};
use sha2::{Digest, Sha256};
pub fn is_valid_signature(deps: Deps, msg: Binary, _signature: Binary) -> StdResult<bool> {
    // hash(msg): a cryptographic hash (SHA-256 via the sha2 crate) so the stored key cannot be forged
    let msg_hash = Sha256::digest(msg.as_slice());
    // a hash that was never stored, or was stored then revoked (false), is not a valid signature
    Ok(SIGNATURES.may_load(deps.storage, &msg_hash)?.unwrap_or(false))
}

@whalelephant
Author

@TrevorJTClarke, this example might be clearer.
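The cw3 flow described in the comments above (signers vote to store hash(msg), the contract later revokes it, and is_valid_signature reads only state), as an added, dependency-free example that is not the gist's code. The Multisig type, vote_sign and revoke are assumed for illustration, and DefaultHasher stands in for the SHA-256 a real contract would use.

```rust
use std::collections::hash_map::DefaultHasher;
use std::collections::{HashMap, HashSet};
use std::hash::{Hash, Hasher};

// Stand-in for hash(msg); a real contract would use SHA-256 (assumption for this example).
fn hash(msg: &[u8]) -> u64 {
    let mut h = DefaultHasher::new();
    msg.hash(&mut h);
    h.finish()
}

// Minimal cw3-style multisig acting as a contract signer (assumed model, not the gist's code).
pub struct Multisig {
    signers: HashSet<&'static str>,
    threshold: usize,
    // SIGNATURES: hash(msg) -> true (valid signed) / false (signed but revoked)
    signatures: HashMap<u64, bool>,
    // open "sign this message" proposals: hash(msg) -> signers who voted yes
    proposals: HashMap<u64, HashSet<&'static str>>,
}

impl Multisig {
    pub fn new(signers: &[&'static str], threshold: usize) -> Self {
        let signers = signers.iter().copied().collect();
        Multisig { signers, threshold, signatures: HashMap::new(), proposals: HashMap::new() }
    }
    // A signer votes to "sign" msg; when the threshold is met the proposal executes and
    // hash(msg) is stored as valid. Returns whether the proposal passed.
    pub fn vote_sign(&mut self, signer: &'static str, msg: &[u8]) -> Result<bool, String> {
        if !self.signers.contains(signer) { return Err(format!("{} is not a signer", signer)); }
        let key = hash(msg);
        let yes = self.proposals.entry(key).or_default();
        yes.insert(signer);
        if yes.len() < self.threshold { return Ok(false); }
        self.proposals.remove(&key);
        self.signatures.insert(key, true);
        Ok(true)
    }
    // Marks a stored hash as revoked (e.g. after key rotation). Returns false if never signed.
    pub fn revoke(&mut self, msg: &[u8]) -> bool {
        self.signatures.get_mut(&hash(msg)).map(|v| *v = false).is_some()
    }
    // The isValidSignature-style check: `signature` is ignored for contract signers and
    // validity comes from state alone; unknown and revoked hashes both read as not signed.
    pub fn is_valid_signature(&self, msg: &[u8], _signature: &[u8]) -> bool {
        self.signatures.get(&hash(msg)).copied().unwrap_or(false)
    }
}
```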
