Add checkNSignatures method (#298)

Author: rmeissner

contracts/GnosisSafe.sol

@@ -227,16 +227,32 @@ contract GnosisSafe is
         uint256 _threshold = threshold;
         // Check that a threshold is set
         require(_threshold > 0, "GS001");
+        checkNSignatures(dataHash, data, signatures, _threshold);
+    }
+
+    /**
+     * @dev Checks whether the signature provided is valid for the provided data, hash. Will revert otherwise.
+     * @param dataHash Hash of the data (could be either a message hash or transaction hash)
+     * @param data That should be signed (this is passed to an external validator contract)
+     * @param signatures Signature data that should be verified. Can be ECDSA signature, contract signature (EIP-1271) or approved hash.
+     * @param requiredSignatures Amount of required valid signatures.
+     */
+    function checkNSignatures(
+        bytes32 dataHash,
+        bytes memory data,
+        bytes memory signatures,
+        uint256 requiredSignatures
+    ) public view {
         // Check that the provided signature data is not too short
-        require(signatures.length >= _threshold.mul(65), "GS020");
+        require(signatures.length >= requiredSignatures.mul(65), "GS020");
         // There cannot be an owner with address 0.
         address lastOwner = address(0);
         address currentOwner;
         uint8 v;
         bytes32 r;
         bytes32 s;
         uint256 i;
-        for (i = 0; i < _threshold; i++) {
+        for (i = 0; i < requiredSignatures; i++) {
             (v, r, s) = signatureSplit(signatures, i);
             if (v == 0) {
                 // If v is 0 then it is a contract signature
@@ -246,7 +262,7 @@ contract GnosisSafe is
                 // Check that signature data pointer (s) is not pointing inside the static part of the signatures bytes
                 // This check is not completely accurate, since it is possible that more signatures than the threshold are send.
                 // Here we only check that the pointer is not pointing inside the part that is being processed
-                require(uint256(s) >= _threshold.mul(65), "GS021");
+                require(uint256(s) >= requiredSignatures.mul(65), "GS021");
 
                 // Check that signature data pointer (s) is in bounds (points to the length of data -> 32 bytes)
                 require(uint256(s).add(32) <= signatures.length, "GS022");

contracts/libraries/Migrate_1_3_0_to_1_2_0.sol

@@ -25,7 +25,7 @@ contract Migration {
     bytes32 private _slot3;
     bytes32 private _slot4;
     bytes32 private _slot5;
-    // For the migration we need to set the old domain seperator in storage
+    // For the migration we need to set the old domain separator in storage
     bytes32 private domainSeparator;
 
     // Define guard last to avoid conflict with Safe storage layout

test/core/GnosisSafe.Signatures.spec.ts

@@ -230,7 +230,7 @@ describe("GnosisSafe", async () => {
             ).to.be.revertedWith("GS021")
         })
 
-        it('should fail if sigantures data is not present', async () => {
+        it('should fail if signatures data is not present', async () => {
             const { safe } = await setupTests()
             const tx = buildSafeTransaction({ to: safe.address, nonce: await safe.nonce() })
             const txHashData = preimageSafeTransactionHash(safe, tx, await chainId())
@@ -243,7 +243,7 @@ describe("GnosisSafe", async () => {
             ).to.be.revertedWith("GS022")
         })
 
-        it('should fail if sigantures data is too short', async () => {
+        it('should fail if signatures data is too short', async () => {
             const { safe } = await setupTests()
             const tx = buildSafeTransaction({ to: safe.address, nonce: await safe.nonce() })
             const txHashData = preimageSafeTransactionHash(safe, tx, await chainId())
@@ -335,4 +335,154 @@ describe("GnosisSafe", async () => {
             await safe.checkSignatures(txHash, txHashData, signatures)
         })
     })
+
+    describe("checkSignatures", async () => {
+        it('should fail if signature points into static part', async () => {
+            const { safe } = await setupTests()
+            const tx = buildSafeTransaction({ to: safe.address, nonce: await safe.nonce() })
+            const txHashData = preimageSafeTransactionHash(safe, tx, await chainId())
+            const txHash = calculateSafeTransactionHash(safe, tx, await chainId())
+            const signatures = "0x" + "000000000000000000000000" + user1.address.slice(2) + "0000000000000000000000000000000000000000000000000000000000000020" + "00" + // r, s, v  
+                "0000000000000000000000000000000000000000000000000000000000000000" // Some data to read
+            await expect(
+                safe.checkNSignatures(txHash, txHashData, signatures, 1)
+            ).to.be.revertedWith("GS021")
+        })
+
+        it('should fail if signatures data is not present', async () => {
+            const { safe } = await setupTests()
+            const tx = buildSafeTransaction({ to: safe.address, nonce: await safe.nonce() })
+            const txHashData = preimageSafeTransactionHash(safe, tx, await chainId())
+            const txHash = calculateSafeTransactionHash(safe, tx, await chainId())
+
+            const signatures = "0x" + "000000000000000000000000" + user1.address.slice(2) + "0000000000000000000000000000000000000000000000000000000000000041" + "00" // r, s, v
+
+            await expect(
+                safe.checkNSignatures(txHash, txHashData, signatures, 1)
+            ).to.be.revertedWith("GS022")
+        })
+
+        it('should fail if signatures data is too short', async () => {
+            const { safe } = await setupTests()
+            const tx = buildSafeTransaction({ to: safe.address, nonce: await safe.nonce() })
+            const txHashData = preimageSafeTransactionHash(safe, tx, await chainId())
+            const txHash = calculateSafeTransactionHash(safe, tx, await chainId())
+
+            const signatures = "0x" + "000000000000000000000000" + user1.address.slice(2) + "0000000000000000000000000000000000000000000000000000000000000041" + "00" + // r, s, v
+                "0000000000000000000000000000000000000000000000000000000000000020" // length
+
+            await expect(
+                safe.checkNSignatures(txHash, txHashData, signatures, 1)
+            ).to.be.revertedWith("GS023")
+        })
+
+        it('should not be able to use different chainId for signing', async () => {
+            await setupTests()
+            const safe = await getSafeWithOwners([user1.address])
+            const tx = buildSafeTransaction({ to: safe.address, nonce: await safe.nonce() })
+            const txHashData = preimageSafeTransactionHash(safe, tx, await chainId())
+            const txHash = calculateSafeTransactionHash(safe, tx, await chainId())
+            const signatures = buildSignatureBytes([await safeSignTypedData(user1, safe, tx, 1)])
+            await expect(
+                safe.checkNSignatures(txHash, txHashData, signatures, 1)
+            ).to.be.revertedWith("GS026")
+        })
+
+        it('if not msg.sender on-chain approval is required', async () => {
+            const { safe } = await setupTests()
+            const user2Safe = safe.connect(user2)
+            const tx = buildSafeTransaction({ to: safe.address, nonce: await safe.nonce() })
+            const txHashData = preimageSafeTransactionHash(safe, tx, await chainId())
+            const txHash = calculateSafeTransactionHash(safe, tx, await chainId())
+            const signatures = buildSignatureBytes([await safeApproveHash(user1, safe, tx, true)])
+            await expect(
+                user2Safe.checkNSignatures(txHash, txHashData, signatures, 1)
+            ).to.be.revertedWith("GS025")
+        })
+
+        it('should revert if not the required amount of signature data is provided', async () => {
+            await setupTests()
+            const safe = await getSafeWithOwners([user1.address, user2.address, user3.address])
+            const tx = buildSafeTransaction({ to: safe.address, nonce: await safe.nonce() })
+            const txHashData = preimageSafeTransactionHash(safe, tx, await chainId())
+            const txHash = calculateSafeTransactionHash(safe, tx, await chainId())
+            await expect(
+                safe.checkNSignatures(txHash, txHashData, "0x", 1)
+            ).to.be.revertedWith("GS020")
+        })
+
+        it('should not be able to use different signature type of same owner', async () => {
+            await setupTests()
+            const safe = await getSafeWithOwners([user1.address, user2.address, user3.address])
+            const tx = buildSafeTransaction({ to: safe.address, nonce: await safe.nonce() })
+            const txHashData = preimageSafeTransactionHash(safe, tx, await chainId())
+            const txHash = calculateSafeTransactionHash(safe, tx, await chainId())
+            const signatures = buildSignatureBytes([
+                await safeApproveHash(user1, safe, tx),
+                await safeSignTypedData(user1, safe, tx),
+                await safeSignTypedData(user3, safe, tx)
+            ])
+            await expect(
+                safe.checkNSignatures(txHash, txHashData, signatures, 3)
+            ).to.be.revertedWith("GS026")
+        })
+
+        it('should be able to mix all signature types', async () => {
+            await setupTests()
+            const safe = await getSafeWithOwners([user1.address, user2.address, user3.address, user4.address])
+            const tx = buildSafeTransaction({ to: safe.address, nonce: await safe.nonce() })
+            const txHashData = preimageSafeTransactionHash(safe, tx, await chainId())
+            const txHash = calculateSafeTransactionHash(safe, tx, await chainId())
+            const signatures = buildSignatureBytes([
+                await safeApproveHash(user1, safe, tx, true),
+                await safeApproveHash(user4, safe, tx),
+                await safeSignTypedData(user2, safe, tx),
+                await safeSignTypedData(user3, safe, tx)
+            ])
+
+            await safe.checkNSignatures(txHash, txHashData, signatures, 3)
+        })
+
+        it('should be able to require no signatures', async () => {
+            await setupTests()
+            const safe = await getSafeTemplate()
+            const tx = buildSafeTransaction({ to: safe.address, nonce: await safe.nonce() })
+            const txHashData = preimageSafeTransactionHash(safe, tx, await chainId())
+            const txHash = calculateSafeTransactionHash(safe, tx, await chainId())
+
+            await safe.checkNSignatures(txHash, txHashData, "0x", 0)
+        })
+
+        it('should be able to require less signatures than the threshold', async () => {
+            await setupTests()
+            const safe = await getSafeWithOwners([user1.address, user2.address, user3.address, user4.address])
+            const tx = buildSafeTransaction({ to: safe.address, nonce: await safe.nonce() })
+            const txHashData = preimageSafeTransactionHash(safe, tx, await chainId())
+            const txHash = calculateSafeTransactionHash(safe, tx, await chainId())
+            const signatures = buildSignatureBytes([
+                await safeSignTypedData(user3, safe, tx)
+            ])
+
+            await safe.checkNSignatures(txHash, txHashData, signatures, 1)
+        })
+
+        it('should be able to require more signatures than the threshold', async () => {
+            await setupTests()
+            const safe = await getSafeWithOwners([user1.address, user2.address, user3.address, user4.address], 2)
+            const tx = buildSafeTransaction({ to: safe.address, nonce: await safe.nonce() })
+            const txHashData = preimageSafeTransactionHash(safe, tx, await chainId())
+            const txHash = calculateSafeTransactionHash(safe, tx, await chainId())
+            const signatures = buildSignatureBytes([
+                await safeApproveHash(user1, safe, tx, true),
+                await safeApproveHash(user4, safe, tx),
+                await safeSignTypedData(user2, safe, tx)
+            ])
+            // Should fail as only 3 signaures are provided
+            await expect(
+                safe.checkNSignatures(txHash, txHashData, signatures, 4)
+            ).to.be.revertedWith("GS020")
+
+            await safe.checkNSignatures(txHash, txHashData, signatures, 3)
+        })
+    })
 })