This is part 2 of a thread on signatures in Ethereum.
In this thread we will learn:
- What is a digital signature in the context of Ethereum?
- ECDSA
- Meta-transactions
- ERC20-Permit
Ok, let's get started! 🏃♂️
In this thread we will learn:
- What is a digital signature in the context of Ethereum?
- ECDSA
- Meta-transactions
- ERC20-Permit
Ok, let's get started! 🏃♂️
https://twitter.com/immunefi/status/1479041210014736385
A digital signature can be created to sign any message.
For Ethereum transactions, the details of the transaction itself are used as the message.
The mathematics of cryptography provides a way for the message (i.e. the transaction details) to be combined with the private key👇
For Ethereum transactions, the details of the transaction itself are used as the message.
The mathematics of cryptography provides a way for the message (i.e. the transaction details) to be combined with the private key👇
☝️that in itself creates a code that can only be produced with knowledge of the private key.
That code is called the digital signature.
The above explanation was taken from the wonderful Mastering Ethereum book, which you can find free on GitHub.
github.com/ethereumbook/e…
That code is called the digital signature.
The above explanation was taken from the wonderful Mastering Ethereum book, which you can find free on GitHub.
github.com/ethereumbook/e…
Smart contracts on Ethereum have access to the built-in ECDSA signature verification algorithm through the system method `ecrecover`.
The built-in function lets you verify the integrity of the signed hashed data and recover the signer’s public key.
The built-in function lets you verify the integrity of the signed hashed data and recover the signer’s public key.
It uses `V,R,S` from ECDSA and the hash of the message.
Remember, digital signatures don’t need to only relate to transactions. With a private key, we can sign any arbitrary data.
And thanks to `ecrecover`, we have a way of verifying signatures from within smart contracts! 🎉
Remember, digital signatures don’t need to only relate to transactions. With a private key, we can sign any arbitrary data.
And thanks to `ecrecover`, we have a way of verifying signatures from within smart contracts! 🎉
We won't go deep into what possibilities this opens, but in general you can create meta-transactions.
A meta-transaction is a method for separating the person who pays for the gas of a transaction from the person who benefits from the transaction’s execution...
A meta-transaction is a method for separating the person who pays for the gas of a transaction from the person who benefits from the transaction’s execution...
...a user signs the inner, meta-transaction and then sends it to an operator -- no gas and blockchain interaction required.
The operator takes this signed meta-tx and submits it to the blockchain, paying for the fees of the outer, regular transaction himself
😵💫? Don't be!
The operator takes this signed meta-tx and submits it to the blockchain, paying for the fees of the outer, regular transaction himself
😵💫? Don't be!
An example of the above would be ERC20-Permit.
One awkward problem with the standard ERC20 is that it takes a two-step process to allow a smart contract to use a user’s funds.
One awkward problem with the standard ERC20 is that it takes a two-step process to allow a smart contract to use a user’s funds.
First, we need to create an `approve()` transaction.
We need to wait for the transaction to mine, and after it, we can call `transferFrom()` from the contract itself to do some operations.
ERC20-Permit can simplify the process!
Here's how 👇
We need to wait for the transaction to mine, and after it, we can call `transferFrom()` from the contract itself to do some operations.
ERC20-Permit can simplify the process!
Here's how 👇
With ERC20-Permit's permit function, you just sign the meta-transaction with your wallet, and someone else (such as DEX or another application) can submit it to the blockchain on your behalf.
Easy, right?
This would save you gas and the need for 2 transactions 🥳
but...
Easy, right?
This would save you gas and the need for 2 transactions 🥳
but...
What if a valid signature might be used several times in other places where it’s not intended to be used?
We will talk about common pitfalls in the next thread dedicated just for this!
We will talk about common pitfalls in the next thread dedicated just for this!
And if you prefer reading a blog post instead and don't want to wait for the next thread, check out our awesome article on the subject!
medium.com/immunefi/intro…
medium.com/immunefi/intro…
If you liked this thread, please like and retweet to share the knowledge at #immunefischool and other Web3 communities.
The more you know, the safer the ecosystem!⛑
See ya in the next one!👋
The more you know, the safer the ecosystem!⛑
See ya in the next one!👋
• • •
Missing some Tweet in this thread? You can try to
force a refresh
