ECDSA signature generation does not follow RFC-6979 #9499

pmerkleplant · 2024-12-05T16:35:24Z

The ECDSA signatures generated by the vm.sign() cheatcode do not strictly follow RFC-6979. For more info regarding the details, see this analysis.

Note that the underlying ECDSA functionality is provided via RustCrypto which fixed the issue in a recent prerelease, see RustCrypto/elliptic-curves#1100.

Creating this as tracking issue, can be closed once foundry updates to the new RustCrypto version.

The text was updated successfully, but these errors were encountered:

zerosnacks · 2025-01-03T11:21:55Z

For future reference: Foundry is using this through the k256 crate and we are waiting for the 0.14 release to land: https://crates.io/crates/k256/versions

alloy-core also re-exports k256, added a tracking ticket for that here: alloy-rs/core#837

DaniPopes transferred this issue from foundry-rs/forge-std Dec 5, 2024

github-project-automation bot added this to Foundry Dec 5, 2024

github-project-automation bot moved this to Todo in Foundry Dec 5, 2024

DaniPopes added A-dependencies Area: dependencies T-chore Type: chore labels Dec 5, 2024

zerosnacks modified the milestone: v1.0.0 Dec 5, 2024

zerosnacks added the T-blocked Type: blocked label Jan 3, 2025

zerosnacks mentioned this issue Jan 3, 2025

[Tracking] ECDSA signature generation does not follow RFC-6979 alloy-rs/core#837

Open

Provide feedback