EVM on Wasm: ECDSA
precompiled 0x01
, called ecrecover
more often than not apparently
EIP-2 defines a fix on signature verification that was not added to ecrecover https://eips.ethereum.org/EIPS/eip-2#specification
The check to look for in spec is 0 < s < secp256k1n ÷ 2 + 1
which is in teh spec of the transaction signature verification section F and not in the definition of EREC
section E of yellow paper.
Spec in section F of yellow paper https://ethereum.github.io/yellowpaper/paper.pdf
Spec Shanghai https://www.evm.codes/precompiled?fork=shanghai
solidity spec https://docs.soliditylang.org/en/latest/units-and-global-variables.html#mathematical-and-cryptographic-functions
Note that the arguments are not exactly identical (v is 1 byte (uint8
) and note 32)
Geth implementation https://github.com/ethereum/go-ethereum/blob/master/core/vm/contracts.go#L188
Aurora doc gives more infos https://doc.aurora.dev/evm/precompiles/#ecrecover
Also rareskills https://www.rareskills.io/post/solidity-precompiles
We already have ECDSA signature verification in ethereum/tx_common.rs
- gas is constant (
3000
) - The recovery id is
v - 27
so ecrecover doesn't implements EIP-155 (v
encodingchain_id
) - check on
s
is wrt tosecp256k1n
notsecp256k1n / 2
which suggest the recover id could be2
or3
and not just0
and1
as per transaction signature verification. It's still recovered usingv - 27
though. - input data is padded with
0
on the right -
v
is on32
bytes, not1
- the ouput is an address (
20
bytes) padded with0
in front to be32
bytes - empty output if no result, no failure it seems ?