Merge pull request #152 from 0xProject/fix/signature-verification

Add signature verification as a part of order validation
2017-09-06 10:39:43 +02:00
parent f0a5ad2d20 35c133caed
commit 07da617c05
3 changed files with 17 additions and 2 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,7 @@ v0.13.0 - _TBD, 2017_
    * Made all the functions submitting transactions to the network to immediately return transaction hash (#151)
    * Added `zeroEx.awaitTransactionMinedAsync` (#151)
    * Added `TransactionReceiptWithDecodedLogs`, `LogWithDecodedArgs`, `DecodedLogArgs` to public types (#151)
+    * Added signature validation to `validateFillOrderThrowIfInvalidAsync` (#152)

 v0.12.1 - _September 2, 2017_
    * Added the support for web3@1.x.x provider (#142)
--- a/src/utils/order_validation_utils.ts
+++ b/src/utils/order_validation_utils.ts
@@ -1,4 +1,5 @@
-import {ExchangeContractErrs, SignedOrder, Order} from '../types';
+import {ExchangeContractErrs, SignedOrder, Order, ZeroExError} from '../types';
+import {ZeroEx} from '../0x.js';
 import {TokenWrapper} from '../contract_wrappers/token_wrapper';
 import {ExchangeWrapper} from '../contract_wrappers/exchange_wrapper';
 import {utils} from '../utils/utils';
@@ -19,6 +20,9 @@ export class OrderValidationUtils {
            throw new Error(ExchangeContractErrs.OrderFillAmountZero);
        }
        const orderHash = utils.getOrderHashHex(signedOrder);
+        if (!ZeroEx.isValidSignature(orderHash, signedOrder.ecSignature, signedOrder.maker)) {
+            throw new Error(ZeroExError.InvalidSignature);
+        }
        const unavailableTakerTokenAmount = await this.exchangeWrapper.getUnavailableTakerAmountAsync(orderHash);
        if (signedOrder.makerTokenAmount.eq(unavailableTakerTokenAmount)) {
            throw new Error(ExchangeContractErrs.OrderRemainingFillAmountZero);
--- a/test/order_validation_test.ts
+++ b/test/order_validation_test.ts
@@ -4,7 +4,7 @@ import * as BigNumber from 'bignumber.js';
 import promisify = require('es6-promisify');
 import {chaiSetup} from './utils/chai_setup';
 import {web3Factory} from './utils/web3_factory';
-import {ZeroEx, SignedOrder, Token, ExchangeContractErrs} from '../src';
+import {ZeroEx, SignedOrder, Token, ExchangeContractErrs, ZeroExError} from '../src';
 import {TokenUtils} from './utils/token_utils';
 import {BlockchainLifecycle} from './utils/blockchain_lifecycle';
 import {FillScenarios} from './utils/fill_scenarios';
@@ -64,6 +64,16 @@ describe('OrderValidation', () => {
                signedOrder, zeroFillAmount, takerAddress,
            )).to.be.rejectedWith(ExchangeContractErrs.OrderFillAmountZero);
        });
+        it('should throw when the signature is invalid', async () => {
+            const signedOrder = await fillScenarios.createFillableSignedOrderAsync(
+                makerTokenAddress, takerTokenAddress, makerAddress, takerAddress, fillableAmount,
+            );
+            // 27 <--> 28
+            signedOrder.ecSignature.v = 27 + (28 - signedOrder.ecSignature.v);
+            return expect(zeroEx.exchange.validateFillOrderThrowIfInvalidAsync(
+                signedOrder, fillableAmount, takerAddress,
+            )).to.be.rejectedWith(ZeroExError.InvalidSignature);
+        });
        it('should throw when the order is fully filled or cancelled', async () => {
            const signedOrder = await fillScenarios.createFillableSignedOrderAsync(
                makerTokenAddress, takerTokenAddress, makerAddress, takerAddress, fillableAmount,