renegade_contracts: darkpool: verify VALID WALLET UPDATE statement signature
#79
Conversation
| /// | ||
| /// We manually mirror the implementation of keccak::keccak_u256s_le_inputs so that we can | ||
| /// avoid an extra loop over the input to map it into u256s. | ||
| fn hash_statement<T, impl TScalarSerializable: ScalarSerializable<T>>(statement: @T) -> Scalar { |
There was a problem hiding this comment.
in this method, why do we sign the scalar serialization and not the byte serialization? it'd be ideal from the FE's perspective if this were byte-centric so that the FE does not have to implement scalar serialization (this also fits closer to how keccak is defined). Is this a Starknet limitation?
There was a problem hiding this comment.
Mostly because it'll be more expensive & cumbersome contract-side to serialize the statement into bytes. Since I've last looked at the corelib, it seems some utilities for converting between felt252 and a new bytes31 type have been added, but the type seems a bit inconvenient (e.g. it is not a byte array, not sure how to add padding to it, etc.). Either way, this would add another layer of serialization logic and thus cost to the contract execution, and I am generally in favor of pushing serialization complexity onto the client / relayer instead of in the contract, where we pay for it. Even if the costs are marginal wrt other contract functions, might as well handle these things in a lower-cost (and more expressive) programming environment than Cairo.
akirillo
force-pushed
the
andrew/verify-update-wallet-signature
branch
from
22e55af
to
b44d7b9
Compare
This PR introduces a pre-verification check of a signature over the
VALID WALLET UPDATEstatement generated fromsk_root.Testing
A new test was added asserting that an invalid signature fails. This, and all previous
update_wallettests (which now sign the statement) pass.