Solidity

How can a smart contract reliably retrieve information from a signed message?

  • November 21, 2020

A dapp can use web3.js:

// recipient is the address that should be paid.
// amount, in wei, specifies how much ether should be sent.
// nonce can be any unique number, used to prevent replay attacks.
// contractAddress is used to prevent cross-contract replay attacks.
function signPayment(recipient, amount, nonce, contractAddress, callback) {
 var hash = "0x" + ethereumjs.ABI.soliditySHA3(
   ["address", "uint256", "uint256", "address"],
   [recipient, amount, nonce, contractAddress]
 ).toString("hex");

 web3.personal.sign(hash, web3.eth.defaultAccount, callback);
}

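The signed message can be sent when calling a function in the smart contract, and the built-in Solidity function ecrecover can recover the address that was used to sign the message. How can the smart contract recover the other information in the signed message (recipient, amount, nonce, contractAddress) for further verification? For example, the smart contract could compare its own address with the contractAddress in the signed message to make sure the message is really meant for it.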

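You can only recover the address from the signature.

Contracts usually receive the parameters, construct the message, hash it, and then recover the signature from the hashed message. That way you can be sure the parameters were used to obtain the signature.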
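The contract side of the signPayment function above, as an added example that is not part of the original question or answer: the contract rebuilds the hash from its call arguments and from address(this), so a signature made for another contract, amount or nonce recovers to a different address. The contract name, the signer variable, the usedNonces mapping and the choice of msg.sender as recipient are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.5;

// Hypothetical contract written for this example.
contract SignedPaymentVerifier {
    address public immutable signer;            // account whose signatures are accepted
    mapping(uint256 => bool) public usedNonces; // each nonce can be claimed once

    constructor(address _signer) payable {
        signer = _signer;
    }

    function claimPayment(uint256 amount, uint256 nonce, bytes calldata sig) external {
        require(!usedNonces[nonce], "nonce already used");
        usedNonces[nonce] = true;

        // Rebuild the signed hash from values the contract knows itself.
        // recipient is msg.sender and contractAddress is address(this);
        // neither is read back out of the signature.
        bytes32 hash = keccak256(
            abi.encodePacked(msg.sender, amount, nonce, address(this))
        );
        // personal.sign prepends this prefix to the 32-byte hash before signing.
        bytes32 prefixed = keccak256(
            abi.encodePacked("\x19Ethereum Signed Message:\n32", hash)
        );

        // Any mismatch in amount, nonce, caller or contract changes the
        // recovered address, so this single comparison covers all four fields.
        require(recoverSigner(prefixed, sig) == signer, "bad signature");

        (bool ok, ) = payable(msg.sender).call{value: amount}("");
        require(ok, "transfer failed");
    }

    function recoverSigner(bytes32 digest, bytes calldata sig)
        internal pure returns (address)
    {
        require(sig.length == 65, "bad signature length");
        bytes32 r = bytes32(sig[0:32]);
        bytes32 s = bytes32(sig[32:64]);
        uint8 v = uint8(sig[64]);
        if (v < 27) v += 27;                 // some signers return 0/1
        require(v == 27 || v == 28, "bad v");
        address recovered = ecrecover(digest, v, r, s);
        require(recovered != address(0), "invalid signature");
        return recovered;
    }
}
```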

Quoted from: https://ethereum.stackexchange.com/questions/90355