diff options
author | Leonid <logvinov.leon@gmail.com> | 2017-09-06 16:39:43 +0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-09-06 16:39:43 +0800 |
commit | 07da617c050593a5cf9ce194eefd4f4e8fea7c61 (patch) | |
tree | 6156865472010078a9f27b905bcaec7782f6521c | |
parent | f0a5ad2d2063fe8ba4682147ec2f73e2763b0275 (diff) | |
parent | 35c133caeda613121d7d90f3f1347ebdc8087d66 (diff) | |
download | dexon-0x-contracts-07da617c050593a5cf9ce194eefd4f4e8fea7c61.tar.gz dexon-0x-contracts-07da617c050593a5cf9ce194eefd4f4e8fea7c61.tar.zst dexon-0x-contracts-07da617c050593a5cf9ce194eefd4f4e8fea7c61.zip |
Merge pull request #152 from 0xProject/fix/signature-verification
Add signature verification as a part of order validation
-rw-r--r-- | CHANGELOG.md | 1 | ||||
-rw-r--r-- | src/utils/order_validation_utils.ts | 6 | ||||
-rw-r--r-- | test/order_validation_test.ts | 12 |
3 files changed, 17 insertions, 2 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index dc2f4a040..680e55b42 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,7 @@ v0.13.0 - _TBD, 2017_ * Made all the functions submitting transactions to the network to immediately return transaction hash (#151) * Added `zeroEx.awaitTransactionMinedAsync` (#151) * Added `TransactionReceiptWithDecodedLogs`, `LogWithDecodedArgs`, `DecodedLogArgs` to public types (#151) + * Added signature validation to `validateFillOrderThrowIfInvalidAsync` (#152) v0.12.1 - _September 2, 2017_ * Added the support for web3@1.x.x provider (#142) diff --git a/src/utils/order_validation_utils.ts b/src/utils/order_validation_utils.ts index 445ad43f9..e64666dfc 100644 --- a/src/utils/order_validation_utils.ts +++ b/src/utils/order_validation_utils.ts @@ -1,4 +1,5 @@ -import {ExchangeContractErrs, SignedOrder, Order} from '../types'; +import {ExchangeContractErrs, SignedOrder, Order, ZeroExError} from '../types'; +import {ZeroEx} from '../0x.js'; import {TokenWrapper} from '../contract_wrappers/token_wrapper'; import {ExchangeWrapper} from '../contract_wrappers/exchange_wrapper'; import {utils} from '../utils/utils'; @@ -19,6 +20,9 @@ export class OrderValidationUtils { throw new Error(ExchangeContractErrs.OrderFillAmountZero); } const orderHash = utils.getOrderHashHex(signedOrder); + if (!ZeroEx.isValidSignature(orderHash, signedOrder.ecSignature, signedOrder.maker)) { + throw new Error(ZeroExError.InvalidSignature); + } const unavailableTakerTokenAmount = await this.exchangeWrapper.getUnavailableTakerAmountAsync(orderHash); if (signedOrder.makerTokenAmount.eq(unavailableTakerTokenAmount)) { throw new Error(ExchangeContractErrs.OrderRemainingFillAmountZero); diff --git a/test/order_validation_test.ts b/test/order_validation_test.ts index 93bcfcce0..9a621555c 100644 --- a/test/order_validation_test.ts +++ b/test/order_validation_test.ts @@ -4,7 +4,7 @@ import * as BigNumber from 'bignumber.js'; import promisify = require('es6-promisify'); import {chaiSetup} from './utils/chai_setup'; import {web3Factory} from './utils/web3_factory'; -import {ZeroEx, SignedOrder, Token, ExchangeContractErrs} from '../src'; +import {ZeroEx, SignedOrder, Token, ExchangeContractErrs, ZeroExError} from '../src'; import {TokenUtils} from './utils/token_utils'; import {BlockchainLifecycle} from './utils/blockchain_lifecycle'; import {FillScenarios} from './utils/fill_scenarios'; @@ -64,6 +64,16 @@ describe('OrderValidation', () => { signedOrder, zeroFillAmount, takerAddress, )).to.be.rejectedWith(ExchangeContractErrs.OrderFillAmountZero); }); + it('should throw when the signature is invalid', async () => { + const signedOrder = await fillScenarios.createFillableSignedOrderAsync( + makerTokenAddress, takerTokenAddress, makerAddress, takerAddress, fillableAmount, + ); + // 27 <--> 28 + signedOrder.ecSignature.v = 27 + (28 - signedOrder.ecSignature.v); + return expect(zeroEx.exchange.validateFillOrderThrowIfInvalidAsync( + signedOrder, fillableAmount, takerAddress, + )).to.be.rejectedWith(ZeroExError.InvalidSignature); + }); it('should throw when the order is fully filled or cancelled', async () => { const signedOrder = await fillScenarios.createFillableSignedOrderAsync( makerTokenAddress, takerTokenAddress, makerAddress, takerAddress, fillableAmount, |