How to use ecrecover() and what it is?

Question

It’s a simple question, but I couldn’t find an answer. In an ERC20 contract lies this code

//The nonce for avoid transfer replay attacks
mapping(address => uint256) nonces;

.

    uint256 nonce = nonces[_address_from];
    bytes32 h = keccak256(_address_from ,_address_to ,_token_amount, _amount_fee ,nonce);
    if(_address_from != ecrecover(h,_v,_r,_s)) revert();

_r _s _v are functions parameters which must be set manually when calling it on contract execution.

How do I compute _r _s _v from my address and amounts in order to not get the transaction rejected ?

score 8 · Accepted Answer · answered May 23 '18 at 12:26

8

r, s and v are obtained from the signature of the transaction. if you have the signature (assume it is in a variable called sig) you can do:

r = sig.signature.slice(0, 32)
s = sig.signature.slice(32, 64)
v = sig.recovery + 27

So if you want to check that a message was signed by an account you need to pass the r,s and v values to your contract. Notice that when you send transactions to the network, the network do the verification automatically.

The signature can be obtained with web3, see here

Also for a complete discussion see this answer

Hope this help.

answered May 23 '18 at 12:26

Jaime

8,340
1
12
20

How do I compute transaction signature? – user2284570 May 23 '18 at 13:05
The link in the answer shows how to do it using web3. – Jaime May 23 '18 at 13:22
No sorry. I mean how do I compute the called signature requiring for computing ecrecover parameters. – user2284570 May 23 '18 at 14:57
Sorry, I do not understand. Maybe a bit of context in the question, indicating what you are doing, will make easy for me to provide more help. Let me know. – Jaime May 23 '18 at 16:53
https://ethereum.stackexchange.com/q/49299/25002 I now found the function. The problem is keccak256 and the nonce. – user2284570 May 23 '18 at 17:09
So you have the values r, s, and v from the function in web3 that is used to sign the transaction. The nonce is provided by the mapping variable nonce for each particular address. So you can now check the signature. You seem to be ok now. – Jaime May 23 '18 at 17:29
the nonce value is computed on contract execution side. I don’t have it on the caller/client side. – user2284570 May 23 '18 at 17:37

How to use ecrecover() and what it is?

1 Answers1

Linked