Web3.js: invalid sign result

Created on 6 Nov 2018  路  10Comments  路  Source: ChainSafe/web3.js

I am using web3 1.0 to sign some message ,and verifity it in contract.

let signature = await web3.eth.sign(msHash, accounts[0]);

If set web3's privoder to metamask it work well, my contract can return the correct address, but if set it to use infura or other eth node it return a invalid sign and my contract can't verifity it.

bug
Source
picture toknT
👍1

Most helpful comment

This got fixed during the refactoring. If you pass an address where a related local unlocked account exists will it sign the message locally and otherwise it will send it to the node/MetaMask. Please update to the latest version of Web3.js to get this fix.

picture nivida on 20 Mar 2019
2

All 10 comments

I have experienced the same problem. This is solved by using the Elliptic module. https://github.com/indutny/elliptic
To be precise, v values are different.

Nipol picture Nipol on 18 Nov 2018

Problem may be signing prefix related as it differs across various methods. See: https://github.com/OpenZeppelin/openzeppelin-solidity/issues/644

Aniket-Engg picture Aniket-Engg on 20 Nov 2018

UPDATED

Ethereum only accept low-s signature since EIP-2. (https://ethereum.stackexchange.com/questions/55245/why-is-s-in-transaction-signature-limited-to-n-21)

secp256k1-node only could verify lower-s signature. ethereum-js using secp256k1 library. And metamask using ethereum-js (https://github.com/MetaMask/eth-sig-util/blob/2648e7632be7ce8fa21bd29729b6b4d22c96723a/index.js).

https://github.com/cryptocoinjs/secp256k1-node/issues/90~~

gurrpi picture gurrpi on 5 Dec 2018

@gurrpi Thanks for giving me additional details. I will check it out and fix it asap.

nivida picture nivida on 7 Feb 2019

Not sure if I should add this directly to this issue, but I think there is some general error with 'elliptic'.
When using web3.eth.accounts.privateKeyToAccount I'm getting the following error:

TypeError: Cannot read property 'fromRed' of null
    at Point.getX (node_modules/elliptic/lib/elliptic/curve/short.js:416:17)
    at Point._encode (node_modules/elliptic/lib/elliptic/curve/base.js:294:16)
    at Point.encode (node_modules/elliptic/lib/elliptic/curve/base.js:303:28)
    at KeyPair.getPublic (node_modules/elliptic/lib/elliptic/ec/key.js:67:19)
    at Object.fromPrivate (node_modules/eth-lib/lib/account.js:25:34)
    at Proxy.privateKeyToAccount (node_modules/web3-eth-accounts/dist/web3-eth-accounts.cjs.js:101:48)

Using the latest version of web3 with node 10.

Haidy777 picture Haidy777 on 13 Feb 2019
👍2

Im also experiencing this problem. All v are returning 01 or 00, while they should be 27 or 28.
If I hack around the contract to add 27 when < 27, then it recovers wrong address.

3esmit picture 3esmit on 15 Mar 2019

My problem was that ganache-cli is prepending the prefix "Ethereum Signed Message" in web3.eth.sign, and I also needed to change the v it returned from 00/01 to 27/28.

3esmit picture 3esmit on 15 Mar 2019
👍2

This got fixed during the refactoring. If you pass an address where a related local unlocked account exists will it sign the message locally and otherwise it will send it to the node/MetaMask. Please update to the latest version of Web3.js to get this fix.

nivida picture nivida on 20 Mar 2019
2

My problem was that ganache-cli is prepending the prefix "Ethereum Signed Message" in web3.eth.sign, and I also needed to change the v it returned from 00/01 to 27/28.

Same issue here. I also need to change the v from 00/01 (seems to be implemented in current web3js) to 27/28 to be compatible with geth and openzeppelin-solidity (^v2.2.0). Check this recent PR of openzeppelin-solidity: https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1622

stevenlcf picture stevenlcf on 30 Apr 2019

Not sure if I should add this directly to this issue, but I think there is some general error with 'elliptic'.
When using web3.eth.accounts.privateKeyToAccount I'm getting the following error:

TypeError: Cannot read property 'fromRed' of null
    at Point.getX (node_modules/elliptic/lib/elliptic/curve/short.js:416:17)
    at Point._encode (node_modules/elliptic/lib/elliptic/curve/base.js:294:16)
    at Point.encode (node_modules/elliptic/lib/elliptic/curve/base.js:303:28)
    at KeyPair.getPublic (node_modules/elliptic/lib/elliptic/ec/key.js:67:19)
    at Object.fromPrivate (node_modules/eth-lib/lib/account.js:25:34)
    at Proxy.privateKeyToAccount (node_modules/web3-eth-accounts/dist/web3-eth-accounts.cjs.js:101:48)

Using the latest version of web3 with node 10.

I had this issue on web3.js version v1.2.1. I had my privateKey between quotes in my .env file (nodejs - express project). Removing the quotes in the .env file made it work :)

DalderupMaurice picture DalderupMaurice on 25 Aug 2019
Was this page helpful?
0 / 5 - 0 ratings

Related issues

3sGgpQ8H picture 3sGgpQ8H  路  3Comments
joeriexelmans picture joeriexelmans  路  3Comments
baxy picture baxy  路  3Comments
zamoore picture zamoore  路  3Comments
mishell-trickster picture mishell-trickster  路  3Comments