mitigations: off chain signature validator (#331)

PartyDAO · Nov 29, 2023 · be04028 · be04028
1 parent 98e684c
commit be04028
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 1 deletion.
diff --git a/contracts/signature-validators/OffChainSignatureValidator.sol b/contracts/signature-validators/OffChainSignatureValidator.sol
@@ -10,6 +10,7 @@ contract OffChainSignatureValidator is IERC1271 {
     error NotMemberOfParty();
     error InsufficientVotingPower();
     error MessageHashMismatch();
+    error InvalidSignature();
 
     /// @notice Event emitted when signing threshold updated
     event SigningThresholdBpsSet(
@@ -56,6 +57,11 @@ contract OffChainSignatureValidator is IERC1271 {
 
         Party party = Party(payable(msg.sender));
         address signer = ecrecover(hash, v, r, s);
+
+        if (signer == address(0)) {
+            revert InvalidSignature();
+        }
+
         uint96 signerVotingPowerBps = party.getVotingPowerAt(
             signer,
             uint40(block.timestamp),
@@ -73,7 +79,7 @@ contract OffChainSignatureValidator is IERC1271 {
         // Either threshold is 0 or signer votes above threshold
         if (
             thresholdBps == 0 ||
-            (signerVotingPowerBps > totalVotingPower &&
+            (signerVotingPowerBps >= totalVotingPower &&
                 signerVotingPowerBps / totalVotingPower >= thresholdBps)
         ) {
             return IERC1271.isValidSignature.selector;

diff --git a/test/signature-validators/OffChainSignatureValidator.t.sol b/test/signature-validators/OffChainSignatureValidator.t.sol
@@ -186,6 +186,28 @@ contract OffChainSignatureValidatorTest is SetupPartyHelper {
         assertEq(abi.decode(res, (bytes4)), IERC1271.isValidSignature.selector);
     }
 
+    function testOffChainSignatureValidator_invalidSignature() public {
+        string memory message = "Hello, this is my message";
+        bytes memory encondedMessage = abi.encodePacked(message);
+        bytes memory encodedPacket = abi.encodePacked(
+            "\x19Ethereum Signed Message:\n",
+            Strings.toString(encondedMessage.length),
+            encondedMessage
+        );
+        bytes32 messageHash = keccak256(encodedPacket);
+        (, bytes32 r, bytes32 s) = vm.sign(johnPk, messageHash);
+        bytes memory signature = abi.encodePacked(r, s, uint8(0), message);
+
+        bytes memory staticCallData = abi.encodeWithSelector(
+            IERC1271.isValidSignature.selector,
+            messageHash,
+            signature
+        );
+        vm.startPrank(address(0), address(0));
+        vm.expectRevert(OffChainSignatureValidator.InvalidSignature.selector);
+        address(party).staticcall(staticCallData);
+    }
+
     function _signMessage(
         uint256 privateKey,
         string memory message