2

I am trying to sign a safe transaction using a customized smart contract that follows eip-1271 based on this doc: https://docs.safe.global/learn/safe-core/safe-core-protocol/signatures I understand that Safe has a unique way to verify the EIP1271 signatures, from the link above it seems that the signature needs to be encoded into the following format: {32-bytes signature verifier}{32-bytes data position}{1-byte signature type}{32-bytes signature length}{bytes signature data}

I am using 1/1 threshold so only 1 signature is needed and my signature is 32 bytes.

Here is my encoded signature, 0x00000000000000000000000013dd844fa39fc0d7cff03e1dea0ad471c280f85e00000000000000000000000000000000000000000000000000000000000000610000000000000000000000000000000000000000000000000000000000000000209b3b73dda3b76dd74f3c08f3adf7ba0bb13b6ac0a378bf8aa3c58419ddafb81a

signature verifier: 0x00000000000000000000000013dd844fa39fc0d7cff03e1dea0ad471c280f85e is the padded 32bytes contract address, which corresponds to r

32-bytes data position: 0000000000000000000000000000000000000000000000000000000000000061 which is 97 bytes, that is 32+32+1+32, where the signature data starts

signature type: 00

signature length: 0000000000000000000000000000000000000000000000000000000000000020 which is 32 bytes

signature data: 9b3b73dda3b76dd74f3c08f3adf7ba0bb13b6ac0a378bf8aa3c58419ddafb81a

Why would checkNSignatures keeps being reverted?

In addition, from the checkNSignatures function implementation: https://github.com/safe-global/safe-contracts/blob/13a5d892677254edc3640fd9fbb8e03ded2832d2/contracts/Safe.sol#L274

I am assuming that r is the signature verifier, the padded contract address. What exactly is signature data pointer (s)? It should be the data position right? Then why here the start of data is s + 32? https://github.com/safe-global/safe-contracts/blob/13a5d892677254edc3640fd9fbb8e03ded2832d2/contracts/Safe.sol#LL300C17-L300C17

So s actually points to the Dynamic part which is where the signature length is instead of where the signature data actually starts?

I also found that {32-bytes signature length} doesn't seem to be needed from this answer How to sign a Gnosis-Safe transaction via Argent wallet + Wallet-Connect?

What would be the correct format to build contract signatures compatible with Safe???

Gorilas
  • 51
  • 3

1 Answers1

0
  1. "So s actually points to the Dynamic part, which is where the signature length is instead of where the signature data actually starts?"
    Yes, you do not need to include the signature size in the position, so in your case (1 signer), the position should be 65.
  2. "Then why here the start of data is s + 32? "
    32 is for the signature data size.
  3. "Why would checkNSignatures keeps being reverted?"
    What did you sign? How is the EIP-1271 validation implemented in your contract? What error does it revert with? More information is necessary for debugging.
  4. "I also found that {32-bytes signature length} doesn't seem to be needed from this answer "
    Please check the comments for that answer.
mikheevm
  • 1,075
  • 1
  • 5
  • 11
  • Based on this line in the safe contract: https://github.com/safe-global/safe-contracts/blob/13a5d892677254edc3640fd9fbb8e03ded2832d2/contracts/Safe.sol#LL287C17-L287C63 The data should be the encoded safe transaction right? instead of raw data. – Gorilas Jun 08 '23 at 16:55
  • Yes, an EIP-712's hash pre-image bytestring – mikheevm Jun 08 '23 at 19:06