ethereumjs / ethereumjs-util Goto Github PK

doesnt

tx = new Tx({ gas: 0x1234 })

works

tx = new Tx()
tx.gas = 0x1234

Version 2.13.3 of coveralls just got published.

This version is covered by your current version range and after updating it in your project the build failed.

As coveralls is “only” a devDependency of this project it might not break production or downstream projects, but “only” your build or test tools – preventing new deploys or publishes.

I recommend you give this issue a high priority. I’m sure you can resolve this 💪

Your Greenkeeper Bot 🌴

I am using a raspberry pi as an air-gapped computer. Web3 installs and works just fine on my pi. My problem is I need to get a public address from a private key and this requires ethereumjs-util which will not install on my raspberry pi. I am using a pi 2 with raspbian. The error log can be found at the following link

https://ethereum.stackexchange.com/questions/18395/npm-install-ethereumjs-util-on-a-raspberry-pi

Can someone please tell me what I need to do in order to install ethereumjs-util on a pi. Thanks, John
[email protected]

Opening for comment.

Geth recently became more strict and now rejects many hex values that have leading zeroes (ie 0x02 instead of 0x2).

The official RPC spec dictates that quantities should have no leading zero, and unformatted data should.

For this reason, it would probably make sense to include some new methods here for creating un-prefixed hex numbers.

I'm curious what kind of API surface people would like for that. Maybe something as simple as a stripZeroPrefix() method? I could submit that PR in minutes. We could also have a few new methods, for converting different things to this new type of hex, but that might get more confusing.

Thoughts? Would a stripZeroPrefix() method get merged?

anything we do with hexStrings should output 0x-prefixed hexStrings. this will be a breaking change.

See https://www.npmjs.com/package/typeforce

they come out in this format:

function concatSig(v, r, s) {
  r = ethUtil.fromSigned(r)
  s = ethUtil.fromSigned(s)
  v = ethUtil.bufferToInt(v)
  r = ethUtil.toUnsigned(r).toString('hex')
  s = ethUtil.toUnsigned(s).toString('hex')
  v = ethUtil.stripHexPrefix(ethUtil.intToHex(v))
  return ethUtil.addHexPrefix(r.concat(s, v).toString("hex"))
}

If I create a fresh React Native app with create-react-native-app, and only add the line:

import utils from 'ethereumjs-util';

I get an error:

Edit: After installing the packages manually yarn add assert, and then yarn add stream and yarn add buffer, I get the following error:

Basically 5.1.3 introduced ES6 feature and requires babel.

For example ethereum/solc-js was using ^5.1.2, which allows downloading 5.1.3, but wasn't prepared to handle ES6 and as a result builds on node 4 and 5 are failing: https://travis-ci.org/ethereum/solc-js/builds/337096439

@holgerd77 @Silur @jwasinger the org should be more careful with breaking changes :)

In Appendix F:

We declare that a signature is invalid unless the following is true:
0 < r < secp256k1n ∧
0 < s < secp256k1n ∧
v ∈ {27, 28}

If you have ethereumjs-util as dependency for you webApp using create-react-app, once you want to run the build script:
npm run build throws

Failed to minify the code from this file: ./node_modules/ethereumjs-util/index.js:142

Is it possible to transpile the code with Babel, create a dist folder where we can get the transpiled code and set dist as the main place in package.json?

Thanks!

thanks!

In isValidAddress:

exports.isValidAddress = function (address) {
  return /^0x[0-9a-fA-F]{40}$/i.test(address)
}

We accept a string starting with 0X because the regex is with i case insensitive flag. However 0X is invalid hex string to defineProperties.

I do not think we should consider 0X a valid prefix of a hex string.

Proposal: Just remove i flag in the regex. I don't see any good reasons to have it here.

Hi, I am trying to get an address from a hexadecimal private key (Generated via MyEtherWallet)

import { privateToAddress, toBuffer} from 'ethereumjs-util'

const private_key = '4563d0a5e0d03cd7f791dd38af0076eaead06658c4b9c0dfbc960feec7e28296'
privateToAddress(toBuffer(private_key))

Error:

Uncaught RangeError: private key length is invalid
    at Object.exports.isBufferLength (assert.js:31)
    at Object.publicKeyCreate (index.js:61)
    at exports.privateToPublic (index.js:305)
    at exports.privateToAddress (index.js:423)

Using new Buffer(private_key, 'hex') instead it works. I don't see the point of using toBuffer if I can't just import a string as private key. What am I missing here?

Create tests for:

• defineProperties
• printBA
• baToJSON

Anyone know if this has a purpose? I would like to remove it to address some user experience issues that are causing confusion on certain OS's, but want to ensure there wasn't a reason the file has a bizarre extension.

e.g.

UTC--2017-07-09T17-19-47.572Z--a4789ca05f7094186b1d1eb387d08856039d6284

would be

UTC--2017-07-09T17-19-47572Z--a4789ca05f7094186b1d1eb387d08856039d6284

Version 11.0.0 of standard was just published.

This version is covered by your current version range and after updating it in your project the build failed.

standard is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.

Your Greenkeeper Bot 🌴

I would like to ask how to recover wallet address at the server side after personal signing with metamask. I am getting the wrong sender (wallet address) after running ecrecover. Thank you.

Client

    // Checking if Web3 has been injected by the browser (Mist/MetaMask)
    if (typeof web3 !== 'undefined') {
      window.web3 = new Web3(window.web3.currentProvider);
      window.web3.eth.getAccounts().then(account_list => {
        if (account_list.length > 0) {
          const publicAddress = account_list[0];
          window.web3.eth.personal.sign('some_msg', account_list[0], '', this.postToServer);
        } else {
          console.log('no accounts');
        }
      }).catch(() => {
        console.log('err')
      })

Server

   var ethUtil = require('ethereumjs-util');

   // server receives message and signature

    let msgHash = ethUtil.hashPersonalMessage(Buffer.from(message))
    let sigParams = ethUtil.fromRpcSig(sig)
    let sender = ethUtil.ecrecover(msgHash, sigParams.v, sigParams.r, sigParams.s)

    console.log('sender: ', sender.toString());

LINK : fatal error LNK1181: cannot open input file 'C:\OpenSSL-Win64\lib\libeay32.lib' [C:\project\etherwallet\node_mod
ules\secp256k1\build\secp256k1.vcxproj]

Probably, resolution can be found in the following link :
https://github.com/blockapps/blockapps-js/issues/33

ethereum/EIPs#59

$ npm install -d
npm info it worked if it ends with ok
npm info using [email protected]
npm info using [email protected]
npm info attempt registry request try #1 at 10:01:07 AM
npm http request GET http://registry.npmjs.org/fsevents
npm http 304 http://registry.npmjs.org/fsevents
npm info attempt registry request try #1 at 10:01:09 AM
npm http request GET http://registry.npmjs.org/ursa
npm http 304 http://registry.npmjs.org/ursa
npm info lifecycle [email protected]preinstall: [email protected]
npm info linkStuff [email protected]
npm info lifecycle [email protected]install: [email protected]

[email protected] install C:\Users\sudhir_kumar05\mockingbird\node_modules\ursa
node-gyp rebuild

C:\Users\sudhir_kumar05\mockingbird\node_modules\ursa>if not defined npm_config_node_gyp (node "C:\Program Files\nodejs\node_modules\npm\bin\node-gyp-bin....\node_modules\node-gyp\bin\node-gyp.js" rebuild ) else (node "" rebuild )
gyp info it worked if it ends with ok
gyp info using [email protected]
gyp info using [email protected] | win32 | x64
gyp info spawn C:\Python27\python.EXE
gyp info spawn args [ 'C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\gyp_main.py',
gyp info spawn args 'binding.gyp',
gyp info spawn args '-f',
gyp info spawn args 'msvs',
gyp info spawn args '-G',
gyp info spawn args 'msvs_version=2013',
gyp info spawn args '-I',
gyp info spawn args 'C:\Users\sudhir_kumar05\mockingbird\node_modules\ursa\build\config.gypi',
gyp info spawn args '-I',
gyp info spawn args 'C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\addon.gypi',
gyp info spawn args '-I',
gyp info spawn args 'C:\Users\sudhir_kumar05.node-gyp\5.10.0\include\node\common.gypi',
gyp info spawn args '-Dlibrary=shared_library',
gyp info spawn args '-Dvisibility=default',
gyp info spawn args '-Dnode_root_dir=C:\Users\sudhir_kumar05.node-gyp\5.10.0',
gyp info spawn args '-Dnode_gyp_dir=C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp',
gyp info spawn args '-Dnode_lib_file=node.lib',
gyp info spawn args '-Dmodule_root_dir=C:\Users\sudhir_kumar05\mockingbird\node_modules\ursa',
gyp info spawn args '--depth=.',
gyp info spawn args '--no-parallel',
gyp info spawn args '--generator-output',
gyp info spawn args 'C:\Users\sudhir_kumar05\mockingbird\node_modules\ursa\build',
gyp info spawn args '-Goutput_dir=.' ]
gyp info spawn C:\Program Files (x86)\MSBuild\12.0\bin\msbuild.exe
gyp info spawn args [ 'build/binding.sln',
gyp info spawn args '/clp:Verbosity=minimal',
gyp info spawn args '/nologo',
gyp info spawn args '/p:Configuration=Release;Platform=x64' ]
Building the projects in this solution one at a time. To enable parallel build, please add the "/m" switch.
ursaNative.cc
..\src\ursaNative.cc(157): warning C4244: 'argument' : conversion from 'ssize_t' to 'int', possible loss of data [C:\Users\sudhir_kumar05\mockingbird\node_modules\ursa\build\ursaNative.vcxproj]
..\src\ursaNative.cc(172): warning C4244: 'argument' : conversion from 'ssize_t' to 'int', possible loss of data [C:\Users\sudhir_kumar05\mockingbird\node_modules\ursa\build\ursaNative.vcxproj]
..\src\ursaNative.cc(378): warning C4267: 'initializing' : conversion from 'size_t' to 'int', possible loss of data [C:\Users\sudhir_kumar05\mockingbird\node_modules\ursa\build\ursaNative.vcxproj]
..\src\ursaNative.cc(379): warning C4267: 'initializing' : conversion from 'size_t' to 'int', possible loss of data [C:\Users\sudhir_kumar05\mockingbird\node_modules\ursa\build\ursaNative.vcxproj]
..\src\ursaNative.cc(686): warning C4267: 'argument' : conversion from 'size_t' to 'int', possible loss of data [C:\Users\sudhir_kumar05\mockingbird\node_modules\ursa\build\ursaNative.vcxproj]
..\src\ursaNative.cc(734): warning C4267: 'argument' : conversion from 'size_t' to 'int', possible loss of data [C:\Users\sudhir_kumar05\mockingbird\node_modules\ursa\build\ursaNative.vcxproj]
..\src\ursaNative.cc(779): warning C4267: 'argument' : conversion from 'size_t' to 'int', possible loss of data [C:\Users\sudhir_kumar05\mockingbird\node_modules\ursa\build\ursaNative.vcxproj]
..\src\ursaNative.cc(826): warning C4267: 'argument' : conversion from 'size_t' to 'int', possible loss of data [C:\Users\sudhir_kumar05\mockingbird\node_modules\ursa\build\ursaNative.vcxproj]
..\src\ursaNative.cc(945): warning C4267: 'argument' : conversion from 'size_t' to 'unsigned int', possible loss of data [C:\Users\sudhir_kumar05\mockingbird\node_modules\ursa\build\ursaNative.vcxproj]
..\src\ursaNative.cc(1003): warning C4267: 'argument' : conversion from 'size_t' to 'unsigned int', possible loss of data [C:\Users\sudhir_kumar05\mockingbird\node_modules\ursa\build\ursaNative.vcxproj]
win_delay_load_hook.c
LINK : fatal error LNK1181: cannot open input file 'C:\OpenSSL-Win64\lib\libeay32.lib' [C:\Users\sudhir_kumar05\mockingbird\node_modules\ursa\build\ursaNative.vcxproj]
gyp ERR! build error
gyp ERR! stack Error: C:\Program Files (x86)\MSBuild\12.0\bin\msbuild.exe failed with exit code: 1
gyp ERR! stack at ChildProcess.onExit (C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\lib\build.js:276:23)
gyp ERR! stack at emitTwo (events.js:100:13)
gyp ERR! stack at ChildProcess.emit (events.js:185:7)
gyp ERR! stack at Process.ChildProcess._handle.onexit (internal/child_process.js:204:12)
gyp ERR! System Windows_NT 6.1.7601
gyp ERR! command "C:\Program Files\nodejs\node.exe" "C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\bin\node-gyp.js" "rebuild"
gyp ERR! cwd C:\Users\sudhir_kumar05\mockingbird\node_modules\ursa
gyp ERR! node -v v5.10.0
gyp ERR! node-gyp -v v3.3.1
gyp ERR! not ok
npm info lifecycle [email protected]install: Failed to exec install script
npm WARN install:[email protected] [email protected] install: node-gyp rebuild
npm WARN install:[email protected] Exit status 1
npm info lifecycle [email protected]preinstall: [email protected]
npm info linkStuff [email protected]
npm info lifecycle [email protected]install: [email protected]
npm info lifecycle [email protected]postinstall: [email protected]
npm info lifecycle [email protected]~prepublish: [email protected]
npm WARN optional Skipping failed optional dependency /chokidar/fsevents:
npm WARN notsup Not compatible with your operating system or architecture: [email protected]
npm WARN [email protected] requires a peer of kerberos@~0.0 but none was installed.
npm info ok

Version 9.0.0 of standard just got published.

This version is covered by your current version range and after updating it in your project the build failed.

As standard is “only” a devDependency of this project it might not break production or downstream projects, but “only” your build or test tools – preventing new deploys or publishes.

I recommend you give this issue a high priority. I’m sure you can resolve this 💪

Your Greenkeeper Bot 🌴

See https://github.com/ethereumjs/ethereumjs-util/blob/master/index.js#L519, which limits it to address 0 to 5.

(This feature is used by the -vm and -accounts.)

The majority of the libs are using the exported imports of ethereumjs-util, such as BN, rlp and secp256k1.

I understand the motivation behind that would be code size when processed via browserify. Is that really a problem? Shouldn't browserify work out it as long as the modules in the dependency chain use the same version of the imports?

It is more maintenance work to keep them aligned, but has a less hack-ish feeling.

Additionally, ethereumjs-vm has another set of exports:

module.exports = VM

VM.deps = {
  ethUtil: require('ethereumjs-util'),
  Account: require('ethereumjs-account'),
  Trie: require('merkle-patricia-tree'),
  rlp: require('ethereumjs-util').rlp
}

And ethereumjs-tx too:

// give browser access to Buffers
global.Buffer = Buffer
global.ethUtil = ethUtil

Update: the additions in the VM and the tx library have been removed over time.

Hello, I've tested ecrecover func with the latest geth version and it's giving me an unexpected result.
Description:

• having this message 0x0bf46433510ca9ac7b2203e5477163cfa1f72679cecf71c03a454e3313477bad I signed it using web3.eth.sign from address 0xc7fea2aa9b1475e09f6325e3f6586170f3a1c470 and obtained the vrs usgin fromRpcSig

{
 v: 27,
 r: <Buffer e2 0e 09 f2 5e fa 26 00 05 ec fc 8d a9 00 ce 3a 82 d3 2a 3d bf 68 92 fc 59 7c 1a 24 2e 59 2a 96>,
 s: <Buffer 03 f0 9d e9 f6 c5 12 8b d4 77 84 fb a2 fb 3f e4 bd f9 97 f5 c1 91 52 e9 6f 00 b7 a4 4b 5d c3 7e>
} 

• using this vrs and the messagebufferToHex(ecrecover(toBuffer(message), v, r, s)) I obtain this public key 0xb94b0ad2c1bab5a27c1b74fb477024b44585fe5cc0da2c1091e4c01bb9adc9dff4cf831b649caacdcce38f749c031d29342adf643aac719a640c90f5e4c26e26
• if I transform this public key to an ethereum address it gives me this address 0x19e8c0753dd4a51903241be7ad6d32d02ea7c6a5 which is different from the one used to sign the message.

• the function: defineProperties()
• contains the code:

if (v.toString('hex') === '00' && !field.allowZero) {
  v = Buffer.allocUnsafe(0)
}

• please correct me if I'm wrong, but I believe that:

  • for an ethereum address that was entered as a hex-encoded string:
    
    "0x0000000000000000000000000000000000000000"
  • v.toString('hex') will equal "0000000000000000000000000000000000000000"
    
    which doesn't pass this conditional test

• should this check be rewritten in a more general way? ex:

if (v.toString('hex').match(/^0+$/) !== null && !field.allowZero) {
  v = Buffer.allocUnsafe(0)
}

the function : exports.intToBuffer() called in exports.toBuffer doesn't exist

I got https://github.com/substack/node-browserify installed.

Cloned the repo.

browserify index.js -o browserified.js

<!doctype html>
<html>
  <head>
    <script src="http://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js"></script>
    <script src='http://ajax.googleapis.com/ajax/libs/angularjs/1.2.28/angular.min.js'></script>
    <script src='browserified.js'></script>
    <script>
      var app = angular.module("app", []);

      app.controller("ctrl", function($scope) {
        $scope.message = "It works!";
      });

    </script>
  </head>
  <body ng-app="app" ng-controller="ctrl">
    {{ message }}

  </body>
</html>

When I use version from CDN it works: https://wzrd.in/standalone/ethereumjs-util@latest

console.log(ethereumjsUtil);

It's probably just under a different global

--

SO chat: http://chat.stackoverflow.com/transcript/message/36767135#36767135

JS Fiddle with CDN: https://jsfiddle.net/ztqeLmmk/

Having fixed a few bugs in publicToAddress it finally properly validates the input and as before it will allow:

• an uncompressed 64 byte encoded point (x,y)
• the uncompressed "RFC5480" encoding (type 4)

However I do not think it should support the RFC5480 encoding at all. Ethereum doesn't use it and when devs are using other crypto tools to interact with Ethereum they should be aware of the differences to avoid mistakes.

The relevant piece of code: https://github.com/ethereumjs/ethereumjs-util/blob/master/index.js#L301

See RFC5480 here: https://www.ietf.org/rfc/rfc5480.txt

The first octet of the OCTET STRING indicates whether the key is
compressed or uncompressed. The uncompressed form is indicated
by 0x04 and the compressed form is indicated by either 0x02 or
0x03 (see 2.3.3 in [SEC1]). The public key MUST be rejected if
any other value is included in the first octet.

SEC1 is here: http://www.secg.org/SEC1-Ver-1.0.pdf

"\x19Ethereum Signed Message:\n" + len(message).

For more see ethereum/go-ethereum#2940.

(From #60.)

Your library is great, thanks. Question.. is it possible to use the sha3 function to create a hash of a combination of strings and numbers (integers)... similar to how the keccak256 function can be used in solidity?

I have previously used the function to hash several strings and

js: sha3('abc' + 'def') === solidity: keccak256('abc',def')

But things get hairy when adding a 3rd parameter that is a number..

js: sha3('abc' + 'def' + 4) !== solidity: keccak256('abc',def',4)

I've tried fiddling around with using js buffers, or left padding the integer in js, but have had no luck.

I can work around by treating the number param as a string and passing it as a string to the contract, but I'd prefer not to.

cheers, -h

When trying vapor I get:

info vm processing block: c753d3dc40dce12c4004f84e68f125924f57f655d182b6b3c88bd23b4957aa8bheight: 01
/Users/mids/Projects/ethereum/vapor/node_modules/ethereumjs-lib/node_modules/ethereumjs-util/node_modules/bn.js/lib/bn.js:1326
  assert(num.cmpn(0) !== 0);
             ^
TypeError: undefined is not a function
    at BN.divmod (/Users/mids/Projects/ethereum/vapor/node_modules/ethereumjs-lib/node_modules/ethereumjs-util/node_modules/bn.js/lib/bn.js:1326:14)
    at BN.div (/Users/mids/Projects/ethereum/vapor/node_modules/ethereumjs-lib/node_modules/ethereumjs-util/node_modules/bn.js/lib/bn.js:1373:15)
    at BlockHeader.validatePOW (/Users/mids/Projects/ethereum/vapor/node_modules/ethereumjs-lib/lib/blockHeader.js:78:34)
    at /Users/mids/Projects/ethereum/vapor/node_modules/ethereumjs-lib/lib/blockHeader.js:149:12
    at /Users/mids/Projects/ethereum/vapor/node_modules/node-ethereum/node_modules/ethereumjs-lib/lib/blockchain.js:189:7
    at Stream.<anonymous> (/Users/mids/Projects/ethereum/vapor/node_modules/node-ethereum/node_modules/multilevel/node_modules/rpc-stream/index.js:77:10)
    at Stream.stream.write (/Users/mids/Projects/ethereum/vapor/node_modules/node-ethereum/node_modules/multilevel/node_modules/rpc-stream/node_modules/through/index.js:26:11)
    at Stream.ondata (stream.js:51:26)
    at Stream.emit (events.js:107:17)
    at Stream.<anonymous> (/Users/mids/Projects/ethereum/vapor/node_modules/node-ethereum/node_modules/multilevel/node_modules/mux-demux/inject.js:61:14)

While trying to get a specific contract address, vital and i figured that generateAddress seems to count the nonce from 1, instead of 0.

> eth.generateAddress('990ccf8a0de58091c028d6ff76bb235ee67c1c39',14).toString('hex')
'036a9d59dc5a1b814f8839e14a0fd9a10c6e1194'

Should return d658a4b8247c14868f3c512fa5cbb6e458e4a989.
Using nonce 15 returns the correct address:

> eth.generateAddress('990ccf8a0de58091c028d6ff76bb235ee67c1c39',15).toString('hex')
'd658a4b8247c14868f3c512fa5cbb6e458e4a989'

Additionally addresses with 0x return different results. This should be the same.

See #34 (comment)

The name is a bit misleading as padding means extending, but not truncating.

At least the docs have been updated to reflect this behaviour, but the question remains: should it truncate?

Hey, why do you add 27 to v in ecsign, and subtract it again in ecrecover?
I compared the values returned by ecsign with the web3.eth.sign of the go client and they seem to return a v that does not have 27 added to it.
In other words, to recover a public key using the output of geths web3.eth.sign I need to subtract 27 from v to use ethereumjs-util.recover.

What is the reason for this?

Sometimes resulting signature has values for r and s lower than 64 bytes.

At this moment function used to return signature works this way:

exports.toRpcSig = function (v, r, s) {
  // geth (and the RPC eth_sign method) uses the 65 byte format used by Bitcoin
  // FIXME: this might change in the future - https://github.com/ethereum/go-ethereum/issues/2053
  return exports.bufferToHex(Buffer.concat([ r, s, exports.toBuffer(v - 27) ]))
}

when r or v has less than 64 bytes, resulting concatenated string has a wrong length and value.

Why isValidAddress not checked checksum if address has upper and lower symbols at one time?

The dependency is not working. I got an error when installingit.
ethereumjs/ethereumjs-abi#31
phusion/node-sha3#27

When I try to import ethereumjs-util I get the error Uncaught ReferenceError: Buffer is not defined

Should we accept the zero hex prefix?

One big problem is pretty much all the function in all of ethereumjs-* assume arguments as a buffer (or an uint8 array) or a hex string. Since i assume all strings are hex strings, i don't need the 0x prefix and therefore don't process it (with the exception of the schema fields). If we added '0x' to parsing we will have to make sure that all the function in ethereumjs-* will be able to accept them. The other option is to let the users handle it. We provide a stripHexprefixString to make this easy.

related #4

ethUtil.toBuffer(new Uint8Array([1,2]))
VM596 app.js:16015 Uncaught Error: invalid type
    at Object.exports.toBuffer (VM596 app.js:16015)
    at <anonymous>:1:9

Buffer.toBuffer returns false and Uint8Array just throws as unsupported type.

Continued from #44

Ethereum signs messages (via eth_sign rpc) and transactions using a different format. We should provide a utility function for both formats.

There must be a function to check if a given address is a Zero Address (0x0000000000000000000000000000000000000000)

Version 14.2.0 of browserify just got published.

This version is covered by your current version range and after updating it in your project the build failed.

As browserify is “only” a devDependency of this project it might not break production or downstream projects, but “only” your build or test tools – preventing new deploys or publishes.

I recommend you give this issue a high priority. I’m sure you can resolve this 💪

Your Greenkeeper Bot 🌴

Assuming the following message and signature created with given address:

msg = 'a4d15d21565d48b67f250b98d2b0a16ee08b7b5b17d88b96e0459cf0a5366c98'
sgn = '00c78fb446754b98694294cd4b64a9d706eb6329fa42994a1f3bcd660c2cc6ef45238a54feaac4d54b217b9c32448d208635e8b2cf007aff7ad7fe20036e9e6f1b'

address = '4cd548342a562d9e47344394a62a25c8de8e8e46'

Following recovery code produces wrong address (8291d6c76377ee2ad35a7997e41397914e575f3d instead of 4cd548342a562d9e47344394a62a25c8de8e8e46)

var r = EthJS.Util.toBuffer('0x' + sgn.slice(0,64));
var s = EthJS.Util.toBuffer('0x' + sgn.slice(64, 128));
var v = EthJS.Util.toBuffer('0x' + sgn.slice(128, 130));
var m = EthJS.Util.toBuffer('0x' + msg);
var pub = EthJS.Util.ecrecover(m, v, r, s);
EthJS.Util.pubToAddress(pub).toString('hex') == '8291d6c76377ee2ad35a7997e41397914e575f3d';

However, the code works for all other cases only signatures starting with 0 fail. That's why I assume that there is a bug in ecrecover.