Closed l3wi closed 8 months ago
Happy to provide further examples or information if required!
So, I did some debugging, and to me, it doesn't seem like your signature is valid, let's go through this step by step:
000000000000000000000000820ba510d0c2f72bbdecd7ac825a5929ea6c341a
0000000000000000000000000000000000000000000000000000000000000082
0x82 = 130 in decimal
00
0000000000000000000000000000000000000000000000000000000000000220
0x220 = 544
00000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000024dde92378e6630a91d7c76b6cd4be997c1f9c2cabf684eead3a9b70245fe0ddf3e79c59ce0b45105571179e81fc5f086e60002f5b674985a0e2908042093da3d7000000000000000000000000000000000000000000000000000000000000002549960de5880e8c687434170f6476605b8fe4aeb9a28632c7995cf3ba831d9763050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f37b2274797065223a22776562617574686e2e676574222c226368616c6c656e6765223a2257496b7369503748573937796b624d7a786c6772436f4145665f555275336d654d526e35443176746b7177222c226f726967696e223a22687474703a2f2f6c6f63616c686f73743a33303030222c2263726f73734f726967696e223a66616c73652c226f746865725f6b6579735f63616e5f62655f61646465645f68657265223a22646f206e6f7420636f6d7061726520636c69656e74446174614a534f4e20616761696e737420612074656d706c6174652e205365652068747470733a2f2f676f6f2e676c2f796162506578227d0000000000000000000000001b
I get these signature bytes and validate them with your signer contract:
So far, the backend response seems correct on my end. Please let me know if I missed anything
Also, in the Safe you referenced, I can see a contract signature successfully registered in the service:
Signature start position, second 32 bytes, we get 0000000000000000000000000000000000000000000000000000000000000082 0x82 = 130 in decimal
Actually, shouldn't this be 65? Seems like it's accounted for hex encoding 🤔
Hey @mmv08 thanks for getting back to me.
I've been able to get you a better example to look at:
Here is a valid signature that the Safe transaction service rejects:
0x0000000000000000000000001dea27210bea53cf42c34705ddd63b37e4fbd2bd00000000000000000000000000000000000000000000000000000000000000820000000000000000000000000000000000000000000000000000000000000001c000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000002470c46173d5e799fecce5ad97ac98228fe509b2f3b104c52b009e79fc9788aa9c319e9f9136831f3fc5d895e494eb15655d66102e5f2a4bc421865c0499e483ea000000000000000000000000000000000000000000000000000000000000002549960de5880e8c687434170f6476605b8fe4aeb9a28632c7995cf3ba831d9763050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000867b2274797065223a22776562617574686e2e676574222c226368616c6c656e6765223a2265324744736552664858317764796e333867415073544d657a645f33717153726c453367417835357a4c6f222c226f726967696e223a22687474703a2f2f6c6f63616c686f73743a33303030222c2263726f73734f726967696e223a66616c73657d000000000000000000000000000000000000000000000000001b
Here is a Tenderly simulation confirming that signature executes successfully
Request URL:
https://safe-transaction-arbitrum.safe.global//api/v1/multisig-transactions/0x7b6183b1e45f1d7d707729f7f2000fb1331ecddff7aaa4ab944de0031e79ccba/confirmations/
Payload:
{
"signature": "0x0000000000000000000000001dea27210bea53cf42c34705ddd63b37e4fbd2bd00000000000000000000000000000000000000000000000000000000000000820000000000000000000000000000000000000000000000000000000000000001c000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000002470c46173d5e799fecce5ad97ac98228fe509b2f3b104c52b009e79fc9788aa9c319e9f9136831f3fc5d895e494eb15655d66102e5f2a4bc421865c0499e483ea000000000000000000000000000000000000000000000000000000000000002549960de5880e8c687434170f6476605b8fe4aeb9a28632c7995cf3ba831d9763050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000867b2274797065223a22776562617574686e2e676574222c226368616c6c656e6765223a2265324744736552664858317764796e333867415073544d657a645f33717153726c453367417835357a4c6f222c226f726967696e223a22687474703a2f2f6c6f63616c686f73743a33303030222c2263726f73734f726967696e223a66616c73657d000000000000000000000000000000000000000000000000001b"
}
Response:
{
"signature": [
"Signature=0x0000000000000000000000001dea27210bea53cf42c34705ddd63b37e4fbd2bd000000000000000000000000000000000000000000000000000000000000008200 for owner=0x1DeA27210BeA53cF42c34705DdD63B37e4FBd2BD is not valid"
]
}
If you check the payload of the STATICCALL
in Tenderly from Gnosis to the verifier contract, you'll see that its calling the verify function thats using (bytes, bytes) instead of (bytes32, bytes). This is why your attempt to call the contract with the bytes32
hash failed as it doesn't mimic the way the Safe works. I imagine the Safe TX service does the same thing when validating the tx.
To your point about the signature offset, the signature fails the simulation if I don't use do 65 * 2
, aka offset * signature number (2). I'm not sure why that is 🤔 .
To your point about the signature offset, the signature fails the simulation if I don't use do 65 2, aka offset signature number (2). I'm not sure why that is 🤔 .
Hmm, I thought that in the original issue the amount of signatures was 1.
There were two: an EOA & a Contract Signature.
I linked to the pending tx in the first message: here
Hey @mmv08 thanks for getting back to me.
I've been able to get you a better example to look at:
Valid Signature:
Here is a valid signature that the Safe transaction service rejects:
0x0000000000000000000000001dea27210bea53cf42c34705ddd63b37e4fbd2bd00000000000000000000000000000000000000000000000000000000000000820000000000000000000000000000000000000000000000000000000000000001c000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000002470c46173d5e799fecce5ad97ac98228fe509b2f3b104c52b009e79fc9788aa9c319e9f9136831f3fc5d895e494eb15655d66102e5f2a4bc421865c0499e483ea000000000000000000000000000000000000000000000000000000000000002549960de5880e8c687434170f6476605b8fe4aeb9a28632c7995cf3ba831d9763050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000867b2274797065223a22776562617574686e2e676574222c226368616c6c656e6765223a2265324744736552664858317764796e333867415073544d657a645f33717153726c453367417835357a4c6f222c226f726967696e223a22687474703a2f2f6c6f63616c686f73743a33303030222c2263726f73734f726967696e223a66616c73657d000000000000000000000000000000000000000000000000001b
Here is a Tenderly simulation confirming that signature executes successfully
Safe TX Service
Request URL:
https://safe-transaction-arbitrum.safe.global//api/v1/multisig-transactions/0x7b6183b1e45f1d7d707729f7f2000fb1331ecddff7aaa4ab944de0031e79ccba/confirmations/
Payload:
{ "signature": "0x0000000000000000000000001dea27210bea53cf42c34705ddd63b37e4fbd2bd00000000000000000000000000000000000000000000000000000000000000820000000000000000000000000000000000000000000000000000000000000001c000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000002470c46173d5e799fecce5ad97ac98228fe509b2f3b104c52b009e79fc9788aa9c319e9f9136831f3fc5d895e494eb15655d66102e5f2a4bc421865c0499e483ea000000000000000000000000000000000000000000000000000000000000002549960de5880e8c687434170f6476605b8fe4aeb9a28632c7995cf3ba831d9763050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000867b2274797065223a22776562617574686e2e676574222c226368616c6c656e6765223a2265324744736552664858317764796e333867415073544d657a645f33717153726c453367417835357a4c6f222c226f726967696e223a22687474703a2f2f6c6f63616c686f73743a33303030222c2263726f73734f726967696e223a66616c73657d000000000000000000000000000000000000000000000000001b" }
Response:
{ "signature": [ "Signature=0x0000000000000000000000001dea27210bea53cf42c34705ddd63b37e4fbd2bd000000000000000000000000000000000000000000000000000000000000008200 for owner=0x1DeA27210BeA53cF42c34705DdD63B37e4FBd2BD is not valid" ] }
What I think is happening:
If you check the payload of the
STATICCALL
in Tenderly from Gnosis to the verifier contract, you'll see that its calling the verify function thats using (bytes, bytes) instead of (bytes32, bytes). This is why your attempt to call the contract with thebytes32
hash failed as it doesn't mimic the way the Safe works. I imagine the Safe TX service does the same thing when validating the tx.Side note:
To your point about the signature offset, the signature fails the simulation if I don't use do
65 * 2
, aka offset * signature number (2). I'm not sure why that is 🤔 .
I think you're right! The service verifies the signature using the safe transaction hash, but in the safe contract it uses the pre-image transaction data because of the legacy EIP-1271 method. I'll see what we can do.
Awesome! Thanks for looking into this.
Hey @mmv08 any update here?
Hey @mmv08 any update here?
Hey, apologies, I was on vacation. I will check if someone from the backend team can look into the issue this week. Otherwise, I will have time to look into it myself on Friday.
@Uxio0 should this ticket be reopened as discussed in slack?
@mmv08 we can reopen as the fix is still not in production
Great to see progress here. Thanks so much for getting the fix done.
Looking forward to seeing it go live
This is now fixed on production
Describe the bug When using an EIP1271 verifier for a Safe, the transaction service wont accept the signature bytes for the contract as valid. However when the same signatures are executed onchain the transaction is successful. It seems theres a validation error.
To Reproduce Safe: here Transaction in question: here Successful tx with same signers: here
Steps to reproduce the behavior:
Expected behavior After I've generated a valid signature, I should be able to post it to the transaction service. The service should correctly validate it & store the signature for execution by another wallet.
Environment: