Feature/fly 2212 #427

Merged
Luisfc68 merged 12 commits into v2.5.0-fixes from feature/FLY-2212
Feb 19, 2026

@Hakob23 Hakob23 commented Feb 16, 2026

What

Adding support for EIP-712 standard contracts for signature verification

Why

To avoid EOA bypass of signature verification via a constructor call, and also to avoid reintroducing tx.origin from the legacy contract, as it can also be manipulated.

Task

https://rsklabs.atlassian.net/browse/FLY-2212

@Hakob23 Hakob23 requested a review from a team as a code owner February 16, 2026 19:15
github-actions bot commented Feb 16, 2026

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package | Version | Score | Details

Scanned Files


using ECDSA for bytes32;
bytes4 internal constant EIP1271_MAGIC_VALUE_BYTES32 = IERC1271.isValidSignature.selector;
bytes4 internal constant EIP1271_MAGIC_VALUE_BYTES = 0x20c13b0b;
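
Review bot: `EIP1271_MAGIC_VALUE_BYTES` on the last line is a bare literal (`0x20c13b0b`) with no comment naming the function signature it is meant to be the selector of, while the constant above it is derived from `IERC1271.isValidSignature.selector`. Either derive this one from an interface selector in the same way, or add a comment giving the exact signature and the reason a second magic value is accepted, so the value can be checked against the specification.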

This magic value doesn't match the one in the specification: https://eips.ethereum.org/EIPS/eip-1271
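
One way to check a hard-coded ERC-1271 magic value against the function signature it should be the selector of, as an added example that is not code from this pull request. The two signature strings are this example's assumptions: `isValidSignature(bytes32,bytes)` is the function defined in EIP-1271, and `isValidSignature(bytes,bytes)` is the bytes-based variant from earlier drafts of the EIP.

```python
# Added example. Ethereum uses original Keccak-256 padding, not hashlib.sha3_256.
MASK = (1 << 64) - 1

def _rol(v, n):
    n %= 64
    return ((v << n) | (v >> (64 - n))) & MASK

def _keccak_f(a):
    """Keccak-f[1600] over 25 lanes stored as a[x + 5*y]."""
    r = 1  # LFSR state that generates the round constants
    for _ in range(24):
        c = [a[x] ^ a[x + 5] ^ a[x + 10] ^ a[x + 15] ^ a[x + 20] for x in range(5)]
        d = [c[(x + 4) % 5] ^ _rol(c[(x + 1) % 5], 1) for x in range(5)]
        a = [a[i] ^ d[i % 5] for i in range(25)]  # theta
        x, y, cur = 1, 0, a[1]
        for t in range(24):  # rho and pi
            x, y = y, (2 * x + 3 * y) % 5
            cur, a[x + 5 * y] = a[x + 5 * y], _rol(cur, (t + 1) * (t + 2) // 2)
        for off in range(0, 25, 5):  # chi, one row at a time
            row = a[off:off + 5]
            for x in range(5):
                a[off + x] = row[x] ^ (~row[(x + 1) % 5] & row[(x + 2) % 5])
        for j in range(7):  # iota
            r = ((r << 1) ^ ((r >> 7) * 0x71)) % 256
            if r & 2:
                a[0] ^= 1 << ((1 << j) - 1)
    return a

def keccak256(data: bytes) -> bytes:
    rate = 136  # bytes absorbed per block for a 256-bit digest
    padded = bytearray(data) + b"\x01" + b"\x00" * (-(len(data) + 1) % rate)
    padded[-1] |= 0x80
    state = [0] * 25
    for off in range(0, len(padded), rate):
        for i in range(rate // 8):
            state[i] ^= int.from_bytes(padded[off + 8 * i:off + 8 * i + 8], "little")
        state = _keccak_f(state)
    return b"".join(lane.to_bytes(8, "little") for lane in state[:4])

def selector(signature: str) -> str:
    """First four bytes of keccak256(signature), as Solidity's .selector gives."""
    return "0x" + keccak256(signature.encode("ascii"))[:4].hex()

# Assumed candidates: the EIP-1271 function and the bytes-based draft variant.
CANDIDATES = ("isValidSignature(bytes32,bytes)", "isValidSignature(bytes,bytes)")

def match_magic(value: str):
    """Return the candidate whose selector equals value, or None."""
    return next((s for s in CANDIDATES if selector(s) == value.lower()), None)
```

Calling `match_magic` on a constant from the contract names the signature it corresponds to, which is the fact a comment beside a hard-coded literal should record.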

/**
@dev Verfies signature against address
@dev Verifies signature against address.
@dev For EOAs, validates ECDSA over the EIP-191 prefixed hash.
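
Review bot: the NatSpec lines shown document only the EOA path (`@dev For EOAs, validates ECDSA over the EIP-191 prefixed hash.`) and say nothing about what happens when the address is a contract. Add a `@dev` line for the contract branch stating which call is made and which return values count as valid, and add `@param`/`@return` tags if the block does not already carry them further down.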

Now that we're supporting EIP-712, please update this comment (and sync with the v2.5.0-fixes branch so you have those changes here).

uint256 collateralAmount
) private view {
if (providerAddress != msg.sender || providerAddress.code.length != 0) revert NotEOA(providerAddress);
if (providerAddress != msg.sender) revert NotAuthorized(msg.sender);
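
Review bot: the second `if` keeps only `providerAddress != msg.sender`; the `providerAddress.code.length != 0` condition from the line above it is gone, so an address with code that calls on its own behalf now passes this check. If that is intended, say so in a comment at the check and add a test with a contract caller; if registration should stay limited to EOAs, keep an explicit EOA restriction with its own `NotEOA` revert next to the new `NotAuthorized` one.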

In my opinion, I think it is OK if we want to extend the signature validator to be capable of validating contract signatures, but I'm a bit worried about allowing contracts to be registered as liquidity providers. I think it might be a good call to keep this check EOA-only so we can make the proper analysis of the impact of this decision; if we conclude it is fine to allow smart contracts, then the signature validator is already working and we just need to update this check. Anyway, I'll send this question to security as well.

@Hakob23 Hakob23 requested a review from Luisfc68 February 19, 2026 19:43
@Luisfc68 Luisfc68 merged commit ce2b317 into v2.5.0-fixes Feb 19, 2026
1 of 5 checks passed