Add implicit failing test

zhongeric · zhongeric · commit b8a2db8ddc90 · 2025-04-15T10:44:51.000-04:00
diff --git a/test/ERC7739.t.sol b/test/ERC7739.t.sol
@@ -72,4 +72,39 @@ contract ERC7739Test is DelegationHandler, TokenHandler, ERC1271Handler, FFISign
         // Assert that the signature is valid when compared against the ffi generated signature
         assertEq(signature, key.sign(typedDataSignDigest));
     }
+
+    function test_signTypedSignData_usingImplicitType_wrongSignature_ffi() public {
+        TestKey memory key = TestKeyManager.withSeed(KeyType.Secp256k1, signerPrivateKey);
+
+        PermitSingle memory permitSingle = PermitSingle({
+            details: PermitDetails({token: address(0), amount: 0, expiration: 0, nonce: 0}),
+            spender: address(0),
+            sigDeadline: 0
+        });
+        // Locally generate the full TypedSignData hash
+        bytes32 contentsHash = mockERC1271VerifyingContract.hash(permitSingle);
+        bytes32 appSeparator = mockERC1271VerifyingContract.domainSeparator();
+
+        // Incorrectly use the implicit type descriptor string, causing the top level type to be
+        // TypeDataSign(...)PermitSingle(...)PermitDetails(...) which does not follow EIP-712 ordering
+        string memory contentsDescrImplicit = mockERC1271VerifyingContract.contentsDescrImplicit();
+
+        bytes memory signerAccountDomainBytes = IERC5267(address(signerAccount)).toDomainBytes();
+        bytes32 typedDataSignDigest =
+            contentsHash.hashTypedDataSign(signerAccountDomainBytes, appSeparator, contentsDescrImplicit);
+
+        // Make it clear that the verifying contract is set properly.
+        address verifyingContract = address(signerAccount);
+
+        (bytes memory signature) = ffi_signWrappedTypedData(
+            signerPrivateKey,
+            verifyingContract,
+            DOMAIN_NAME,
+            DOMAIN_VERSION,
+            address(mockERC1271VerifyingContract),
+            permitSingle
+        );
+        // Assert that the ffi generated signature is NOT the same as the locally generated signature
+        assertNotEq(signature, key.sign(typedDataSignDigest));
+    }
 }
diff --git a/test/utils/MockERC1271VerifyingContract.sol b/test/utils/MockERC1271VerifyingContract.sol
@@ -46,6 +46,12 @@ contract MockERC1271VerifyingContract is EIP712 {
         return _domainSeparatorV4();
     }
 
+    /// @notice The EIP-712 typestring with PermitSingle as the top level type
+    /// @dev This should NOT be used for correct ERC-7739 nested TypedDataSign signatures
+    function contentsDescrImplicit() external pure returns (string memory) {
+        return "PermitSingle(PermitDetails details,address spender,uint256 sigDeadline)PermitDetails(address token,uint160 amount,uint48 expiration,uint48 nonce)";
+    }
+
     /// @notice Per ERC-7739, use the explicit mode for content descriptor strings since the top level type
     ///         PermitSingle is alphabetically ordered after PermitDetails
     /// @dev return the full contents descriptor string in explicit mode
