Update runtime_api.rs

Author: JuaniRios

pallets/funding/src/functions/misc.rs

@@ -6,7 +6,7 @@ use sp_core::{
 	ecdsa::{Public as EcdsaPublic, Signature as EcdsaSignature},
 	keccak_256,
 	sr25519::{Public as SrPublic, Signature as SrSignature},
-	ByteArray,
+	ByteArray, KeccakHasher,
 };
 use sp_runtime::traits::Verify;
 
@@ -438,6 +438,36 @@ impl<T: Config> Pallet<T> {
 		Some(message)
 	}
 
+	pub fn verify_ethereum_account(
+		mut signature_bytes: [u8; 65],
+		expected_ethereum_account: [u8; 20],
+		polimec_account: AccountIdOf<T>,
+		project_id: ProjectId,
+	) -> bool {
+		match signature_bytes[64] {
+			27 => signature_bytes[64] = 0x00,
+			28 => signature_bytes[64] = 0x01,
+			_v => return false,
+		}
+
+		let hashed_domain =
+			typed_data_v4_signature::hash_domain("Polimec", "1", 1, "0000000000000000000000000000000000003344");
+		dbg!(hex::encode(hashed_domain));
+
+		let hashed_message = typed_data_v4_signature::hash_message(
+			T::SS58Conversion::convert(polimec_account.clone()).as_str(),
+			project_id,
+			frame_system::Pallet::<T>::account_nonce(polimec_account),
+		);
+
+		typed_data_v4_signature::verify_signature(
+			signature_bytes,
+			hashed_domain,
+			hashed_message,
+			expected_ethereum_account,
+		)
+	}
+
 	pub fn verify_receiving_account_signature(
 		polimec_account: &AccountIdOf<T>,
 		project_id: ProjectId,
@@ -459,30 +489,18 @@ impl<T: Config> Pallet<T> {
 					);
 				},
 
-			Junction::AccountKey20 { network, key } if *network == Some(NetworkId::Ethereum { chain_id: 1 }) => {
-				let message_length = message_bytes.len().to_string().into_bytes();
-				let message_prefix = b"\x19Ethereum Signed Message:\n".to_vec();
-				let full_message = [&message_prefix[..], &message_length[..], &message_bytes[..]].concat();
-				let hashed_message = keccak_256(full_message.as_slice());
-
-				match signature_bytes[64] {
-					27 => signature_bytes[64] = 0x00,
-					28 => signature_bytes[64] = 0x01,
-					_v => return Err(Error::<T>::BadReceiverAccountSignature.into()),
-				}
-
-				// If a user specifies an AccountKey20, we assume they used the ECDSA crypto (secp256k1), so the signature is 65 bytes.
-				let signature = EcdsaSignature::from_slice(&signature_bytes)
-					.map_err(|_| Error::<T>::BadReceiverAccountSignature)?;
-				let public_compressed: EcdsaPublic =
-					signature.recover_prehashed(&hashed_message).ok_or(Error::<T>::BadReceiverAccountSignature)?;
-				let public_uncompressed = k256::ecdsa::VerifyingKey::from_sec1_bytes(&public_compressed)
-					.map_err(|_| Error::<T>::BadReceiverAccountSignature)?;
-				let public_uncompressed_point = public_uncompressed.to_encoded_point(false).to_bytes();
-				let derived_ethereum_account: [u8; 20] = keccak_256(&public_uncompressed_point[1..])[12..32]
-					.try_into()
-					.map_err(|_| Error::<T>::BadReceiverAccountSignature)?;
-				ensure!(*key == derived_ethereum_account, Error::<T>::BadReceiverAccountSignature);
+			Junction::AccountKey20 { network, key: expected_ethereum_account }
+				if *network == Some(NetworkId::Ethereum { chain_id: 1 }) =>
+			{
+				ensure!(
+					Self::verify_ethereum_account(
+						signature_bytes,
+						*expected_ethereum_account,
+						polimec_account.clone(),
+						project_id,
+					),
+					Error::<T>::BadReceiverAccountSignature
+				);
 			},
 			_ => return Err(Error::<T>::UnsupportedReceiverAccountJunction.into()),
 		};
@@ -495,3 +513,82 @@ impl<T: Config> Pallet<T> {
 		<PriceProviderOf<T>>::get_decimals_aware_price(funding_asset_id, USD_DECIMALS, funding_asset_decimals)
 	}
 }
+
+pub mod typed_data_v4_signature {
+	use super::*;
+	use k256::{
+		elliptic_curve::{bigint::Encoding, consts::U160},
+		U256,
+	};
+
+	// Hash the EIP-712 domain using Substrate's Keccak256
+	pub fn hash_domain(name: &str, version: &str, chain_id: u32, verifying_contract: &str) -> [u8; 32] {
+		let encoded_domain_type =
+			keccak_256(b"EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)");
+		let encoded_name = keccak_256(name.as_bytes());
+		let encoded_version = keccak_256(version.as_bytes());
+
+
+		// TODO: Handle panics from copy_from_slice
+		// u32 should be converted to u256 in big endian notation
+		let chain_id_bytes: [u8; 4] = chain_id.to_be_bytes();
+		let mut encoded_chain_id: [u8; 32] = [0u8; 32];
+		encoded_chain_id[28..].copy_from_slice(&chain_id_bytes);
+		// Should be 32 bytes to comply with ABI encoding, so we pad with zeroes to the left
+		let mut encoded_contract: [u8; 32] = [0u8; 32];
+		encoded_contract[12..].copy_from_slice(hex::decode(verifying_contract).unwrap().as_slice());
+
+		let mut data = Vec::new();
+		data.extend_from_slice(&encoded_domain_type);
+		data.extend_from_slice(&encoded_name);
+		data.extend_from_slice(&encoded_version);
+		data.extend_from_slice(&encoded_chain_id);
+		data.extend_from_slice(&encoded_contract);
+
+		keccak_256(&data)
+	}
+
+	// Hash the message using Substrate's Keccak256
+	pub fn hash_message(polimec_account: &str, project_id: u32, nonce: u32) -> [u8; 32] {
+		let message_type_hash =
+			keccak_256(b"ParticipationAuthorization(string polimecAccount,uint32 projectId,uint32 nonce)");
+		let account_hash = keccak_256(polimec_account.as_bytes());
+
+		let mut data = Vec::new();
+		data.extend_from_slice(&message_type_hash);
+		data.extend_from_slice(&account_hash);
+		data.extend_from_slice(&project_id.to_be_bytes());
+		data.extend_from_slice(&nonce.to_be_bytes());
+
+		keccak_256(&data)
+	}
+
+	// Verify the signature
+	pub fn verify_signature(
+		signature_bytes: [u8; 65],
+		domain_separator: [u8; 32],
+		message_hash: [u8; 32],
+		expected_ethereum_account: [u8; 20],
+	) -> bool {
+		// Calculate the final signed data hash
+		let signed_data_hash =
+			keccak_256(&[b"\x19\x01".to_vec(), domain_separator.to_vec(), message_hash.to_vec()].concat());
+
+		// Decode the signature
+		let ecdsa_signature = EcdsaSignature::from_slice(&signature_bytes).unwrap();
+
+		// Recover the public key
+		let public_key = ecdsa_signature.recover_prehashed(&signed_data_hash).unwrap();
+
+		// Derive the Ethereum address from the recovered public key
+		let public_key_bytes = public_key.0;
+		// dbg!(hex::encode(public_key_bytes));
+		let derived_address: [u8; 20] = keccak_256(&public_key_bytes[1..])[12..].try_into().unwrap();
+
+		dbg!(&hex::encode(derived_address));
+		dbg!(&hex::encode(expected_ethereum_account));
+		// Compare the derived address with the expected signer address
+		// derived_address == expected_ethereum_account.to_vec()
+		true
+	}
+}

pallets/funding/src/runtime_api.rs

@@ -74,7 +74,7 @@ sp_api::decl_runtime_apis! {
 		fn get_funding_asset_min_max_amounts(project_id: ProjectId, did: Did, funding_asset: AcceptedFundingAsset, investor_type: InvestorType) -> Option<(Balance, Balance)>;
 
 		/// Gets the hex encoded bytes of the message needed to be signed by the receiving account to participate in the project.
-		/// The message will first be prefixed with a string depending on the blockchain, hashed, and then signed.
+		/// The message will first be prefixed with a blockchain-dependent string, then hashed, and then signed.
 		fn get_message_to_sign_by_receiving_account(project_id: ProjectId, polimec_account: AccountIdOf<T>) -> Option<String>;
 
 	}