Skip to content

Fix validAfter boundary condition in EIP3009 authorization validation#657

Open
Kewe63 wants to merge 4 commits into
circlefin:masterfrom
Kewe63:fix/eip3009-valid-after-boundary
Open

Fix validAfter boundary condition in EIP3009 authorization validation#657
Kewe63 wants to merge 4 commits into
circlefin:masterfrom
Kewe63:fix/eip3009-valid-after-boundary

Conversation

@Kewe63

@Kewe63 Kewe63 commented Apr 10, 2026

Copy link
Copy Markdown

Summary

Fix off-by-one error in _requireValidAuthorization where validAfter boundary check used strict greater-than (>) instead of greater-than-or-equal (>=), causing authorizations to be rejected at the exact validAfter timestamp.

Detail

In EIP3009.sol, the _requireValidAuthorization function checks whether the current block timestamp satisfies the validAfter constraint. The original code used:

require(now > validAfter, "FiatTokenV2: authorization is not yet valid");

Per the EIP-3009 specification, an authorization should be considered valid at the validAfter timestamp, not only after it. The asymmetry with validBefore (which correctly uses strict <) confirms this is a bug:

  • validAfter: authorization is valid from this time → >=
  • validBefore: authorization is valid until this time → <

Fix: Changed > to >= on line 320 of EIP3009.sol.

This affects all functions that rely on _requireValidAuthorization:

  • _transferWithAuthorization (both overloads)
  • _receiveWithAuthorization (both overloads)

Testing

  • Verify authorization is accepted when block.timestamp == validAfter
  • Verify authorization is rejected when block.timestamp < validAfter
  • Verify authorization is still rejected when block.timestamp >= validBefore
  • Verify normal authorization flow works for timestamps between validAfter and validBefore

Documentation

No documentation changes required. This is a single-operator fix that aligns the implementation with the EIP-3009 specification.


Requested Reviewers: @Kewe63

Kewe63 added 4 commits April 10, 2026 10:15
- Update @typechain/ethers-v6 from 0.4.3 to 0.5.1
- Update typechain from 8.3.1 to 8.3.2
- Resolves peer dependency conflicts that break project setup
Change strict greater-than (>) to greater-than-or-equal (>=) in
_requireValidAuthorization for the validAfter check. Per the EIP-3009
specification, an authorization should be valid at the exact timestamp
specified by validAfter, not only after it.
@Kewe63

Kewe63 commented Apr 11, 2026

Copy link
Copy Markdown
Author

Note on commit history: This PR includes a revert of a previous experimental commit (2c2f3a1) that attempted broader security fixes. That commit was reverted because it introduced unintended scope creep — mixing unrelated changes with this boundary fix. This PR intentionally focuses only on the validAfter operator change to keep the diff minimal and reviewable.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant