Merge pull request #414 from rsksmart/feature/FLY-2196

Feature/FLY-2196 - Add EIP-712 typed signatures

Author: Luisfc68

src/PegInContract.sol

@@ -1,6 +1,7 @@
 // SPDX-License-Identifier: MIT
 pragma solidity 0.8.25;
 
+import {EIP712Upgradeable} from "@openzeppelin/contracts-upgradeable/utils/cryptography/EIP712Upgradeable.sol";
 import {ReentrancyGuardUpgradeable} from "@openzeppelin/contracts-upgradeable/utils/ReentrancyGuardUpgradeable.sol";
 import {BtcUtils} from "@rsksmart/btc-transaction-solidity-helper/contracts/BtcUtils.sol";
 import {OpCodes} from "@rsksmart/btc-transaction-solidity-helper/contracts/OpCodes.sol";
@@ -19,6 +20,7 @@ import {SignatureValidator} from "./libraries/SignatureValidator.sol";
 contract PegInContract is
     EmergencyPause,
     ReentrancyGuardUpgradeable,
+    EIP712Upgradeable,
     IPegIn
 {
     /// @notice This struct is used to store the information of a call on behalf of the user
@@ -31,6 +33,8 @@ contract PegInContract is
 
     /// @notice The version of the contract
     string constant public VERSION = "1.0.0";
+    /// @notice The name of the contract (used for EIP712)
+    string constant public NAME = "PegInContract";
     Flyover.ProviderType constant private _PEG_TYPE = Flyover.ProviderType.PegIn;
     uint256 constant private _REFUND_ADDRESS_LENGTH = 21;
 
@@ -94,6 +98,7 @@ contract PegInContract is
     ) external initializer {
         if (collateralManagement.code.length == 0) revert Flyover.NoContract(collateralManagement);
         __ReentrancyGuard_init();
+        __EIP712_init(NAME, VERSION);
         // Initialize EmergencyPause (includes AccessControl, Pausable, and grants PAUSER_ROLE)
         __EmergencyPause_init(0, defaultAdmin);
         _bridge = IBridge(bridge);
@@ -289,6 +294,11 @@ contract PegInContract is
         return _hashPegInQuote(quote);
     }
 
+    /// @inheritdoc IPegIn
+    function hashPegInQuoteEIP712(Quotes.PegInQuote calldata quote) external view override returns (bytes32) {
+        return _hashPegInQuoteEIP712(quote);
+    }
+
     /// @inheritdoc IPegIn
     function getQuoteStatus(bytes32 quoteHash) external view override returns (PegInStates) {
         if (_reentrancyGuardEntered()) revert ReentrancyGuardReentrantCall();
@@ -469,8 +479,9 @@ contract PegInContract is
         if (_processedQuotes[quoteHash] == PegInStates.PROCESSED_QUOTE) {
             revert QuoteAlreadyProcessed(quoteHash);
         }
-        if (!SignatureValidator.verify(quote.liquidityProviderRskAddress, quoteHash, signature)) {
-            revert SignatureValidator.IncorrectSignature(quote.liquidityProviderRskAddress, quoteHash, signature);
+        bytes32 eip712hash = _hashPegInQuoteEIP712(quote);
+        if (!SignatureValidator.verify(quote.liquidityProviderRskAddress, eip712hash, signature)) {
+            revert SignatureValidator.IncorrectSignature(quote.liquidityProviderRskAddress, eip712hash, signature);
         }
         // the actual type in the RSKj node source code is a java int which is equivalent to int32
         if (height > uint256(int(type(int32).max)) - 1) {
@@ -489,6 +500,29 @@ contract PegInContract is
     /// @param quote The peg in quote
     /// @return quoteHash The hash of the quote
     function _hashPegInQuote(Quotes.PegInQuote calldata quote) private view returns (bytes32) {
+        _validatePegInQuote(quote);
+        return keccak256(Quotes.encodeQuote(quote));
+    }
+
+    /// @notice This function is used to hash a peg in quote using EIP712 specification
+    /// @dev The function also validates the following:
+    /// - The quote belongs to this contract
+    /// - The quote destination is not the bridge contract
+    /// - The quote BTC refund address is valid
+    /// - The quote liquidity provider BTC address is valid
+    /// - The quote total amount is greater than the bridge minimum peg in amount
+    /// - The sum of the timestamp values is not greater than the maximum uint32 value
+    /// @param quote The peg in quote
+    /// @return quoteHash The hash struct to be combined with the domain separator
+    function _hashPegInQuoteEIP712(Quotes.PegInQuote calldata quote) private view returns (bytes32) {
+        _validatePegInQuote(quote);
+        return _hashTypedDataV4(Quotes.hashPegInQuoteEIP712(quote));
+    }
+
+    function _validatePegInQuote(Quotes.PegInQuote calldata quote) private view {
+        if (quote.chainId != block.chainid) {
+            revert Flyover.InvalidChainId(block.chainid, quote.chainId);
+        }
         if (address(this) != quote.lbcAddress) {
             revert Flyover.IncorrectContract(address(this), quote.lbcAddress);
         }
@@ -508,7 +542,6 @@ contract PegInContract is
         if (type(uint32).max < uint64(quote.agreementTimestamp) + uint64(quote.timeForDeposit)) {
             revert Flyover.Overflow(type(uint32).max);
         }
-        return keccak256(Quotes.encodeQuote(quote));
     }
 
     /// @notice This function is used to determine if the liquidity provider should be penalized

src/PegOutContract.sol

@@ -1,6 +1,7 @@
 // SPDX-License-Identifier: MIT
 pragma solidity 0.8.25;
 
+import {EIP712Upgradeable} from "@openzeppelin/contracts-upgradeable/utils/cryptography/EIP712Upgradeable.sol";
 import {ReentrancyGuardUpgradeable} from "@openzeppelin/contracts-upgradeable/utils/ReentrancyGuardUpgradeable.sol";
 import {BtcUtils} from "@rsksmart/btc-transaction-solidity-helper/contracts/BtcUtils.sol";
 import {EmergencyPause} from "./EmergencyPause/EmergencyPause.sol";
@@ -17,6 +18,7 @@ import {SignatureValidator} from "./libraries/SignatureValidator.sol";
 contract PegOutContract is
     EmergencyPause,
     ReentrancyGuardUpgradeable,
+    EIP712Upgradeable,
     IPegOut
 {
     /// @notice This struct is used to store the information of a peg out
@@ -30,6 +32,8 @@ contract PegOutContract is
 
     /// @notice The version of the contract
     string constant public VERSION = "1.0.0";
+    /// @notice The name of the contract (used for EIP712)
+    string constant public NAME = "PegOutContract";
     Flyover.ProviderType constant private _PEG_TYPE = Flyover.ProviderType.PegOut;
     // Index of the BTC output that must pay quote.depositAddress during peg-out refund validation.
     uint256 constant private _PAY_TO_ADDRESS_OUTPUT = 0;
@@ -90,10 +94,11 @@ contract PegOutContract is
             revert QuoteExpiredByBlocks(quote.expireBlock);
         }
 
-        bytes32 quoteHash = _hashPegOutQuote(quote);
-        if (!SignatureValidator.verify(quote.lpRskAddress, quoteHash, signature)) {
-            revert SignatureValidator.IncorrectSignature(quote.lpRskAddress, quoteHash, signature);
+        bytes32 eip712Hash = _hashPegOutQuoteEIP712(quote);
+        if (!SignatureValidator.verify(quote.lpRskAddress, eip712Hash, signature)) {
+            revert SignatureValidator.IncorrectSignature(quote.lpRskAddress, eip712Hash, signature);
         }
+        bytes32 quoteHash = _hashPegOutQuote(quote);
 
         Quotes.PegOutQuote storage registeredQuote = _pegOutQuotes[quoteHash];
 
@@ -139,6 +144,7 @@ contract PegOutContract is
     ) external initializer {
         if (collateralManagement.code.length == 0) revert Flyover.NoContract(collateralManagement);
         __ReentrancyGuard_init();
+        __EIP712_init(NAME, VERSION);
         // Initialize EmergencyPause (includes AccessControl, Pausable, and grants PAUSER_ROLE)
         __EmergencyPause_init(0, defaultAdmin);
         _bridge = IBridge(bridge);
@@ -255,6 +261,13 @@ contract PegOutContract is
         return _hashPegOutQuote(quote);
     }
 
+    /// @inheritdoc IPegOut
+    function hashPegOutQuoteEIP712(
+        Quotes.PegOutQuote calldata quote
+    ) external view override returns (bytes32) {
+        return _hashPegOutQuoteEIP712(quote);
+    }
+
     /// @inheritdoc IPegOut
     function isQuoteCompleted(bytes32 quoteHash) external view override returns (bool) {
         return _isQuoteCompleted(quoteHash);
@@ -297,10 +310,28 @@ contract PegOutContract is
     function _hashPegOutQuote(
         Quotes.PegOutQuote calldata quote
     ) private view returns (bytes32) {
+        _validatePegOutQuote(quote);
+        return keccak256(Quotes.encodePegOutQuote(quote));
+    }
+
+    /// @notice This function is used to hash a peg out quote using EIP712 specification
+    /// @dev The function also validates the quote belongs to this contract
+    /// @param quote the peg out quote to hash
+    /// @return quoteHash the hash of the peg out quote
+    function _hashPegOutQuoteEIP712(Quotes.PegOutQuote calldata quote) private view returns (bytes32) {
+        _validatePegOutQuote(quote);
+        return _hashTypedDataV4(Quotes.hashPegOutQuoteEIP712(quote));
+    }
+
+    /// @notice This function is used to validate a peg out quote before hashing it
+    /// @param quote The peg out quote to validate
+    function _validatePegOutQuote(Quotes.PegOutQuote calldata quote) private view {
+        if (quote.chainId != block.chainid) {
+            revert Flyover.InvalidChainId(block.chainid, quote.chainId);
+        }
         if (address(this) != quote.lbcAddress) {
             revert Flyover.IncorrectContract(address(this), quote.lbcAddress);
         }
-        return keccak256(Quotes.encodePegOutQuote(quote));
     }
 
     /// @notice This function is used to check if a quote has been completed (refunded by any party)

src/interfaces/IPegIn.sol

@@ -1,12 +1,13 @@
 // SPDX-License-Identifier: MIT
 pragma solidity 0.8.25;
 
+import {IERC5267} from "@openzeppelin/contracts/interfaces/IERC5267.sol";
 import {Quotes} from "../libraries/Quotes.sol";
 import {IPausable} from "./IPausable.sol";
 
 /// @title PegIn interface
 /// @notice This interface is used to expose the required functions to provide the Flyover peg in service
-interface IPegIn is IPausable {
+interface IPegIn is IPausable, IERC5267 {
 
     /// @notice The states of a peg in quote
     /// @dev The quote set to CALL_DONE when the callForUser function is called
@@ -160,6 +161,11 @@ interface IPegIn is IPausable {
     /// @return quoteHash The hash of the quote
     function hashPegInQuote(Quotes.PegInQuote calldata quote) external view returns (bytes32);
 
+    /// @notice This view is used to get the hash of a peg in quote using EIP712 specification
+    /// @param quote The quote of the peg in
+    /// @return hashStruct The hash struct to be combined with the domain separator
+    function hashPegInQuoteEIP712(Quotes.PegInQuote calldata quote) external view returns (bytes32);
+
     /// @notice This function is used to get the minimum peg in amount allowed by the protocol
     /// @return minPegIn The minimum peg in amount
     function getMinPegIn() external view returns (uint256);

src/interfaces/IPegOut.sol

@@ -1,12 +1,13 @@
 // SPDX-License-Identifier: MIT
 pragma solidity 0.8.25;
 
+import {IERC5267} from "@openzeppelin/contracts/interfaces/IERC5267.sol";
 import {Quotes} from "../libraries/Quotes.sol";
 import {IPausable} from "./IPausable.sol";
 
 /// @title PegOut interface
 /// @notice This interface is used to expose the required functions to provide the Flyover peg out service
-interface IPegOut is IPausable {
+interface IPegOut is IPausable, IERC5267 {
 
     /// @notice Emitted when a peg out is refunded to the liquidity
     /// provider after successfully providing the service
@@ -153,6 +154,11 @@ interface IPegOut is IPausable {
     /// @param quote the quote to hash
     function hashPegOutQuote(Quotes.PegOutQuote calldata quote) external view returns (bytes32);
 
+    /// @notice This view is used to get the hash of a peg out quote using EIP712 specification
+    /// @param quote The quote of the peg out
+    /// @return hashStruct The hash struct to be combined with the domain separator
+    function hashPegOutQuoteEIP712(Quotes.PegOutQuote calldata quote) external view returns (bytes32);
+
     /// @notice This view is used to check if a quote has been completed. Completed means it was paid and refunded
     /// doesn't matter if the refund was to the liquidity provider (success) or to the user (failure)
     /// @param quoteHash the hash of the quote to check

src/legacy/LiquidityBridgeContract.sol

@@ -4,7 +4,7 @@ pragma experimental ABIEncoderV2;
 
 import "../interfaces/IBridge.sol";
 import "./Quotes.sol";
-import "../libraries/SignatureValidator.sol";
+import "./SignatureValidator.sol";
 import "@rsksmart/btc-transaction-solidity-helper/contracts/BtcUtils.sol";
 import "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";
 import "@openzeppelin/contracts-upgradeable/utils/ReentrancyGuardUpgradeable.sol";

src/legacy/LiquidityBridgeContractV2.sol

@@ -4,7 +4,7 @@ pragma experimental ABIEncoderV2;
 
 import "../interfaces/IBridge.sol";
 import "./QuotesV2.sol";
-import "../libraries/SignatureValidator.sol";
+import "./SignatureValidator.sol";
 import "@rsksmart/btc-transaction-solidity-helper/contracts/BtcUtils.sol";
 import "@rsksmart/btc-transaction-solidity-helper/contracts/OpCodes.sol";
 import "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";

src/legacy/SignatureValidator.sol

@@ -0,0 +1,44 @@
+// SPDX-License-Identifier: MIT
+pragma solidity 0.8.25;
+
+import { ECDSA } from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
+
+library SignatureValidator {
+
+    using ECDSA for bytes32;
+
+    error IncorrectSignature(address expectedAddress, bytes32 usedHash, bytes signature);
+    error ZeroAddress();
+    /**
+        @dev Verfies signature against address
+        @param addr The signing address
+        @param quoteHash The hash of the signed data
+        @param signature The signature containing v, r and s
+        @return True if the signature is valid, false otherwise.
+     */
+    function verify(address addr, bytes32 quoteHash, bytes memory signature) public pure returns (bool) {
+
+        if (addr == address(0)) {
+            revert ZeroAddress();
+        }
+
+        if (signature.length != 65) {
+            revert IncorrectSignature(addr, quoteHash, signature);
+        }
+
+
+        bytes32 r;
+        bytes32 s;
+        uint8 v;
+
+        assembly {
+            r := mload(add(signature, 0x20))
+            s := mload(add(signature, 0x40))
+            v := byte(0, mload(add(signature, 0x60)))
+        }
+        // TODO use EIP712 compatible format instead
+        bytes memory prefix = "\x19Ethereum Signed Message:\n32";
+        bytes32 prefixedHash = keccak256(abi.encodePacked(prefix, quoteHash));
+        return prefixedHash.recover(v, r, s) == addr;
+    }
+}

src/libraries/Flyover.sol

@@ -31,4 +31,8 @@ library Flyover {
     error InsufficientAmount(uint256 amount, uint256 target);
     error Overflow(uint256 passedAmount);
     error InvalidAddress(address addr);
+    /// @notice Quote was created for a different chain
+    /// @param expected The current chain id (block.chainid)
+    /// @param actual The chain id in the quote
+    error InvalidChainId(uint256 expected, uint256 actual);
 }