What's the typehash for in eth_signTypedData_v3?

irma_maghradze · February 17, 2024, 8:38am

Assume I'm implementing EIP-712 signatures in solidity.

contract Nice {
   bytes32 private constant BID_TYPE_HASH = keccak256("Bid(uint256 num1,uint256 num2)");

   struct Bid {
     uint256 num1;
     uint256 num2;
   }

   function verify(Bid memory bid) {
        bytes32 hashed = keccak256(abi.encodePacked(
           "\x19\x01",
            DOMAIN_SEPARATOR,
            keccak256(abi.encode(
               BID_TYPE_HASH,
               bid.num1,
               bid.num2
            ))
        ));
   }

}

The above works great, but what's the rationale of even using BID_TYPE_HASH ? To ask it in better words, what if EIP suggested to do:

bytes32 hashed = keccak256(abi.encodePacked(
  "\x19\x01",
  DOMAIN_SEPARATOR,
  keccak256(abi.encode(
     bid.num1,
     bid.num2
  ))
));

What could go wrong now ? Domain Separator already distinguishes dapps, so isn't that enough ? Can you provide an example where this suggested code breaks and defeats the use-case ?

barakman · February 17, 2024, 8:54am

I'm pretty sure that you should not include the input argument names here.
in other words, you should probably use keccak256("Bid(uint256,uint256)").

Also, you might need to cast it from bytes32 to bytes4.
At least that's how it works when it comes to function selectors.

irma_maghradze · February 17, 2024, 9:02am

@barakman

I include them and it still works. so that's not a problem.

My original question is about why type hashes are even used. What purpose do they account for ?

barakman · February 17, 2024, 9:30am

You are correct.
The typeHash's primary purpose is preventing collisions.
And for that purpose, a function-selector would not suffice.
Several other alternatives were considered and rejected.
See here for more details.

irma_maghradze · February 17, 2024, 9:32am

I saw that link before, but it didn't help.and i alsoo didn't understand what "preventing collisions" we mean. While I know what function collisions are, i don't know how struct collisions happen or why

barakman · February 17, 2024, 9:39am

A hash-collision happens when two different input values are hashed into the same output value.

Consider y = hash(x1), where y is known and x1 is unknown.

The ability to compute x2 such that hash(x2) = y is considered as a security-weakness which can be used as an exploit, despite the fact that the value of x1 remains a secret.

Function keccak256 is considered a collision-resistant hash function, because perpetrating that sort of attack is assumed computationally impossible.

irma_maghradze · February 17, 2024, 10:03am

can you provide a code for EIP712 contract such that if we didn't use type hash, what security problem would happen ? i understood your comment, but still having hard time seeing its usecase in my original example

Topic		Replies	Views
Permit2 TypeHash Inconsistency Support etherscan-verify	0	24	November 5, 2024
Can't verify v4 signature with array value Smart Contracts etherscan-verify	1	669	July 28, 2022
Verifying TypedData signature in Solidity using _hashTypedDataV4 Contracts etherscan-verify	8	1504	June 16, 2023
ERC20 Permit and EIP712 permit typehash with owner Contracts erc20	2	500	December 16, 2023
Keccak256(abi.encode()) and ethers.solidityPackedKeccak256 give different hashes Smart Contracts	1	282	May 8, 2024

What's the typehash for in eth_signTypedData_v3?

Related topics