This repository has been archived by the owner on Feb 26, 2024. It is now read-only.
fix: enforce eip-2 imposed limits and secp256k1 upper bound for private keys #2944
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
davidmurdoch
commented
Apr 21, 2022
892c68f to
0e9642f
Compare
35a2c11 to
057a22c
Compare
MicaiahReid
suggested changes
May 2, 2022
|
Reviewed! This also needs a description that is release ready. |
MicaiahReid
approved these changes
May 2, 2022
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Sending transactions from an impersonated account with a "large" account number, like
fffffffffffffffffffffffffffffffffffffffe, would result in the error "The nonce generation function failed, or the private key was invalid" due to the way we fake transaction signing in ganache. Previously we would take the account number plus the first 12 bytes of the account number,fffffffffffffffffffffffffffffffffffffffe+ffffffffffffffffffffffff, and would use that as a fake private key. This results in an invalid key, as secp256k1, the elliptic curve used in Ethereum cryptography, has an effective maximum private key value of0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140n(AKAsecp256k1_n - 1, or the total number of non-trivial points on the curve). This fixes #2586.While implementing this fix it was discovered that we were not rejecting transactions with too-high s-values; i.e., s-values that are greater than
(secp256k1_n - 1) / 2. This restriction was added way back in Ethereum's first hardfork, homestead, as part of EIP-2 in order to remove the possibility of "malleable" transactions. While somewhat unrelated to the core reason for this fix, it has been added as part of this PR. This fixes #2600.