divergencetech / ethier

Golang and Solidity SDK to make Ethereum development ethier
MIT License

SignatureChecker.requireValidSignature uses signature as key #59

Closed wattsyart closed 2 years ago

wattsyart commented 2 years ago

The signature-checking code uses the message itself to validate whether the user is allowed to mint: https://github.com/divergencetech/ethier/blob/main/contracts/crypto/SignatureChecker.sol#L36

However, you can obtain an unbounded number of valid signatures for the same parameters, opening a potential "looping" exploit for any implementer that doesn't guarantee the same signature given an address and amount.

A server that simply checks a database and signs with a valid signer, will produce different, valid signatures on every call.

cxkoda commented 2 years ago

Reproducing from DMs with @wattsyart for posterity:

The library code is only intended to check if a valid signature to a given message was supplied and to mark the message (not the signature) as used. So there cannot be any replay for the same message - even if different signatures were supplied. Any validation of message data (e.g. if msg.sender corresponds to the address on the supplied mint allowance) is considered consumer logic and has to be implemented in the calling contract.

Even though NFT mint allowlists are a widespread use case for signatures, they are by far not the only one, so we opted to keep this code as generic as possible. Maybe we could supply some example code to guide the user in this case. Perhaps also pointing out some requirements for the server that hands out the signatures.
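The pattern described in the reply above, written out as an added example (this is not ethier's `SignatureChecker` and not code from either commenter): replay protection is keyed on the hash of the signed message, not on the signature bytes, and the message binds chain id, contract address, `msg.sender`, the allowance and a nonce, so that a server returning a different but valid signature for the same message on every call gains the caller nothing. The contract name, storage layout, error names and the `nonce` field are assumptions made for illustration; the consumer-side `msg.sender` check that the reply says belongs in the calling contract is the `messageHash(msg.sender, ...)` binding in `mint`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// @notice Added example, not ethier's code. Allowlist mint whose replay
/// protection is keyed on the signed message rather than the signature.
contract AllowlistMintExample {
    /// @dev Off-chain signer that hands out allowances (assumed single key).
    address public immutable signer;

    /// @dev Consumed message hashes. A message, once used, is dead even if
    /// the server later produces a second, different signature over it.
    mapping(bytes32 => bool) public usedMessages;

    mapping(address => uint256) public minted;

    error InvalidSignature();
    error MessageAlreadyUsed();

    constructor(address signer_) {
        signer = signer_;
    }

    /// @dev The message binds chain id, this contract, the recipient, the
    /// allowance and a per-allowance nonce, so a signature cannot be replayed
    /// on another chain, another deployment, or by another address.
    function messageHash(address to, uint256 amount, uint256 nonce)
        public
        view
        returns (bytes32)
    {
        return keccak256(abi.encode(block.chainid, address(this), to, amount, nonce));
    }

    /// @notice Consume one signed allowance for msg.sender. The caller's own
    /// address goes into the message, which is the consumer-side check the
    /// library itself does not perform.
    function mint(uint256 amount, uint256 nonce, bytes calldata signature) external {
        bytes32 message = messageHash(msg.sender, amount, nonce);
        if (usedMessages[message]) revert MessageAlreadyUsed();

        // EIP-191 personal_sign prefix over the 32-byte message hash.
        bytes32 digest = keccak256(
            abi.encodePacked("\x19Ethereum Signed Message:\n32", message)
        );
        if (_recover(digest, signature) != signer) revert InvalidSignature();

        // Mark the message (not the signature) as used before any effects.
        usedMessages[message] = true;
        minted[msg.sender] += amount;
        // Token issuance (e.g. ERC-721 _mint) would follow here.
    }

    /// @dev Minimal ecrecover wrapper with low-s and v checks. Rejecting
    /// high-s values removes the one second signature an attacker could
    /// derive without the key; the server may still legitimately produce
    /// different low-s signatures, which is harmless given usedMessages.
    function _recover(bytes32 digest, bytes calldata sig)
        internal
        pure
        returns (address)
    {
        if (sig.length != 65) return address(0);
        bytes32 r;
        bytes32 s;
        uint8 v;
        assembly {
            r := calldataload(sig.offset)
            s := calldataload(add(sig.offset, 32))
            v := byte(0, calldataload(add(sig.offset, 64)))
        }
        if (v < 27) v += 27;
        if (v != 27 && v != 28) return address(0);
        // secp256k1n / 2 (EIP-2 malleability bound).
        if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) {
            return address(0);
        }
        return ecrecover(digest, v, r, s);
    }
}
```

For the server side this implies the requirement the reply hints at: the signer should only ever sign a message whose `to` is the address that authenticated with it, and should use a fresh `nonce` per allowance (or a fixed nonce if each address gets exactly one). Whether the server returns byte-identical signatures on repeated calls is irrelevant to replay safety under this design, since only `messageHash` is recorded.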