Merge pull request #637 from 0xProject/bug/contracts/eip712-191-prefix

Add missing EIP191 prefix for EIP712 and Execute Transaction

7 files changed, 166 insertions, 45 deletions

diff --git a/packages/contracts/src/contracts/current/protocol/Exchange/MixinTransactions.sol b/packages/contracts/src/contracts/current/protocol/Exchange/MixinTransactions.sol
index 30b0102fd..f1332363c 100644
--- a/packages/contracts/src/contracts/current/protocol/Exchange/MixinTransactions.sol
+++ b/packages/contracts/src/contracts/current/protocol/Exchange/MixinTransactions.sol
@@ -20,8 +20,11 @@ pragma solidity ^0.4.24;
 import "./libs/LibExchangeErrors.sol";
 import "./mixins/MSignatureValidator.sol";
 import "./mixins/MTransactions.sol";
+import "./libs/LibExchangeErrors.sol";
+import "./libs/LibEIP712.sol";
 
 contract MixinTransactions is
+    LibEIP712,
     LibExchangeErrors,
     MSignatureValidator,
     MTransactions
@@ -34,6 +37,33 @@ contract MixinTransactions is
     // Address of current transaction signer
     address public currentContextAddress;
 
+    // Hash for the EIP712 ZeroEx Transaction Schema
+    bytes32 constant EIP712_ZEROEX_TRANSACTION_SCHEMA_HASH = keccak256(abi.encodePacked(
+        "ZeroExTransaction(",
+        "uint256 salt,",
+        "address signer,",
+        "bytes data",
+        ")"
+    ));
+
+    /// @dev Calculates EIP712 hash of the Transaction.
+    /// @param salt Arbitrary number to ensure uniqueness of transaction hash.
+    /// @param signer Address of transaction signer.
+    /// @param data AbiV2 encoded calldata.
+    /// @return EIP712 hash of the Transaction.
+    function hashZeroExTransaction(uint256 salt, address signer, bytes data)
+        internal
+        pure
+        returns (bytes32)
+    {
+        return keccak256(abi.encode(
+            EIP712_ZEROEX_TRANSACTION_SCHEMA_HASH,
+            salt,
+            signer,
+            keccak256(data)
+        ));
+    }
+
     /// @dev Executes an exchange method call in the context of signer.
     /// @param salt Arbitrary number to ensure uniqueness of transaction hash.
     /// @param signer Address of transaction signer.
@@ -53,13 +83,7 @@ contract MixinTransactions is
             REENTRANCY_ILLEGAL
         );
 
-        // Calculate transaction hash
-        bytes32 transactionHash = keccak256(abi.encodePacked(
-            address(this),
-            signer,
-            salt,
-            data
-        ));
+        bytes32 transactionHash = hashEIP712Message(hashZeroExTransaction(salt, signer, data));
 
         // Validate transaction has not been executed
         require(
diff --git a/packages/contracts/src/contracts/current/protocol/Exchange/libs/LibEIP712.sol b/packages/contracts/src/contracts/current/protocol/Exchange/libs/LibEIP712.sol
new file mode 100644
index 000000000..b983347a4
--- /dev/null
+++ b/packages/contracts/src/contracts/current/protocol/Exchange/libs/LibEIP712.sol
@@ -0,0 +1,64 @@
+/*
+
+  Copyright 2018 ZeroEx Intl.
+
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+
+*/
+
+pragma solidity ^0.4.24;
+
+contract LibEIP712 {
+    // EIP191 header for EIP712 prefix
+    string constant EIP191_HEADER = "\x19\x01";
+
+    // EIP712 Domain Name value
+    string constant EIP712_DOMAIN_NAME = "0x Protocol";
+
+    // EIP712 Domain Version value
+    string constant EIP712_DOMAIN_VERSION = "2";
+
+    // Hash of the EIP712 Domain Separator Schema
+    bytes32 public constant EIP712_DOMAIN_SEPARATOR_SCHEMA_HASH = keccak256(abi.encodePacked(
+        "EIP712Domain(",
+        "string name,",
+        "string version,",
+        "address verifyingContract",
+        ")"
+    ));
+
+    // Hash of the EIP712 Domain Separator data
+    bytes32 public EIP712_DOMAIN_HASH;
+
+    constructor ()
+        public
+    {
+        EIP712_DOMAIN_HASH = keccak256(abi.encode(
+            EIP712_DOMAIN_SEPARATOR_SCHEMA_HASH,
+            keccak256(bytes(EIP712_DOMAIN_NAME)),
+            keccak256(bytes(EIP712_DOMAIN_VERSION)),
+            address(this)
+        ));
+    }
+
+    /// @dev Calculates EIP712 encoding for a hash struct in this EIP712 Domain.
+    /// @param hashStruct The EIP712 hash struct.
+    /// @return EIP712 hash applied to this EIP712 Domain.
+    function hashEIP712Message(bytes32 hashStruct)
+        internal
+        view
+        returns (bytes32)
+    {
+        return keccak256(abi.encodePacked(EIP191_HEADER, EIP712_DOMAIN_HASH, hashStruct));
+    }
+}
diff --git a/packages/contracts/src/contracts/current/protocol/Exchange/libs/LibOrder.sol b/packages/contracts/src/contracts/current/protocol/Exchange/libs/LibOrder.sol
index 05ea27ffc..bfc7aaae0 100644
--- a/packages/contracts/src/contracts/current/protocol/Exchange/libs/LibOrder.sol
+++ b/packages/contracts/src/contracts/current/protocol/Exchange/libs/LibOrder.sol
@@ -18,13 +18,14 @@
 
 pragma solidity ^0.4.24;
 
-contract LibOrder {
+import "./LibEIP712.sol";
 
-    bytes32 constant DOMAIN_SEPARATOR_SCHEMA_HASH = keccak256(abi.encodePacked(
-        "DomainSeparator(address contract)"
-    ));
+contract LibOrder is
+    LibEIP712
+{
 
-    bytes32 constant ORDER_SCHEMA_HASH = keccak256(abi.encodePacked(
+    // Hash for the EIP712 Order Schema
+    bytes32 constant EIP712_ORDER_SCHEMA_HASH = keccak256(abi.encodePacked(
         "Order(",
         "address makerAddress,",
         "address takerAddress,",
@@ -37,7 +38,7 @@ contract LibOrder {
         "uint256 expirationTimeSeconds,",
         "uint256 salt,",
         "bytes makerAssetData,",
-        "bytes takerAssetData,",
+        "bytes takerAssetData",
         ")"
     ));
 
@@ -85,27 +86,38 @@ contract LibOrder {
         view
         returns (bytes32 orderHash)
     {
-        // TODO: EIP712 is not finalized yet
-        // Source: https://github.com/ethereum/EIPs/pull/712
-        orderHash = keccak256(abi.encodePacked(
-            DOMAIN_SEPARATOR_SCHEMA_HASH,
-            keccak256(abi.encodePacked(address(this))),
-            ORDER_SCHEMA_HASH,
-            keccak256(abi.encodePacked(
-                order.makerAddress,
-                order.takerAddress,
-                order.feeRecipientAddress,
-                order.senderAddress,
-                order.makerAssetAmount,
-                order.takerAssetAmount,
-                order.makerFee,
-                order.takerFee,
-                order.expirationTimeSeconds,
-                order.salt,
-                keccak256(abi.encodePacked(order.makerAssetData)),
-                keccak256(abi.encodePacked(order.takerAssetData))
-            ))
-        ));
+        orderHash = hashEIP712Message(hashOrder(order));
         return orderHash;
     }
+
+    /// @dev Calculates EIP712 hash of the order.
+    /// @param order The order structure.
+    /// @return EIP712 hash of the order.
+    function hashOrder(Order memory order)
+        internal
+        pure
+        returns (bytes32 result)
+    {
+        bytes32 schemaHash = EIP712_ORDER_SCHEMA_HASH;
+        bytes32 makerAssetDataHash = keccak256(order.makerAssetData);
+        bytes32 takerAssetDataHash = keccak256(order.takerAssetData);
+        assembly {
+            // Backup
+            let temp1 := mload(sub(order,  32))
+            let temp2 := mload(add(order, 320))
+            let temp3 := mload(add(order, 352))
+            
+            // Hash in place
+            mstore(sub(order,  32), schemaHash)
+            mstore(add(order, 320), makerAssetDataHash)
+            mstore(add(order, 352), takerAssetDataHash)
+            result := keccak256(sub(order, 32), 416)
+            
+            // Restore
+            mstore(sub(order,  32), temp1)
+            mstore(add(order, 320), temp2)
+            mstore(add(order, 352), temp3)
+        }
+        return result;
+    }
 }
diff --git a/packages/contracts/src/contracts/current/test/TestLibs/TestLibs.sol b/packages/contracts/src/contracts/current/test/TestLibs/TestLibs.sol
index 47ce0dcf3..010080703 100644
--- a/packages/contracts/src/contracts/current/test/TestLibs/TestLibs.sol
+++ b/packages/contracts/src/contracts/current/test/TestLibs/TestLibs.sol
@@ -74,7 +74,7 @@ contract TestLibs is
         pure
         returns (bytes32)
     {
-        return ORDER_SCHEMA_HASH;
+        return EIP712_ORDER_SCHEMA_HASH;
     }
 
     function getDomainSeparatorSchemaHash()
@@ -82,7 +82,7 @@ contract TestLibs is
         pure
         returns (bytes32)
     {
-        return DOMAIN_SEPARATOR_SCHEMA_HASH;
+        return EIP712_DOMAIN_SEPARATOR_SCHEMA_HASH;
     }
 
     function publicAddFillResults(FillResults memory totalFillResults, FillResults memory singleFillResults)
diff --git a/packages/contracts/src/utils/order_factory.ts b/packages/contracts/src/utils/order_factory.ts
index 6e4c9a883..009dbc396 100644
--- a/packages/contracts/src/utils/order_factory.ts
+++ b/packages/contracts/src/utils/order_factory.ts
@@ -26,7 +26,7 @@ export class OrderFactory {
             ...this._defaultOrderParams,
             ...customOrderParams,
         } as any) as Order;
-        const orderHashBuff = orderHashUtils.getOrderHashBuff(order);
+        const orderHashBuff = orderHashUtils.getOrderHashBuffer(order);
         const signature = signingUtils.signMessage(orderHashBuff, this._privateKey, signatureType);
         const signedOrder = {
             ...order,
diff --git a/packages/contracts/src/utils/transaction_factory.ts b/packages/contracts/src/utils/transaction_factory.ts
index a060263b1..19ef4e1bf 100644
--- a/packages/contracts/src/utils/transaction_factory.ts
+++ b/packages/contracts/src/utils/transaction_factory.ts
@@ -1,10 +1,19 @@
-import { crypto, generatePseudoRandomSalt } from '@0xproject/order-utils';
+import { EIP712Schema, EIP712Types, EIP712Utils, generatePseudoRandomSalt } from '@0xproject/order-utils';
 import { SignatureType } from '@0xproject/types';
 import * as ethUtil from 'ethereumjs-util';
 
 import { signingUtils } from './signing_utils';
 import { SignedTransaction } from './types';
 
+const EIP712_ZEROEX_TRANSACTION_SCHEMA: EIP712Schema = {
+    name: 'ZeroExTransaction',
+    parameters: [
+        { name: 'salt', type: EIP712Types.Uint256 },
+        { name: 'signer', type: EIP712Types.Address },
+        { name: 'data', type: EIP712Types.Bytes },
+    ],
+};
+
 export class TransactionFactory {
     private _signerBuff: Buffer;
     private _exchangeAddress: string;
@@ -16,14 +25,22 @@ export class TransactionFactory {
     }
     public newSignedTransaction(data: string, signatureType: SignatureType = SignatureType.EthSign): SignedTransaction {
         const salt = generatePseudoRandomSalt();
-        const txHash = crypto.solSHA3([this._exchangeAddress, this._signerBuff, salt, ethUtil.toBuffer(data)]);
+        const signer = `0x${this._signerBuff.toString('hex')}`;
+        const executeTransactionData = {
+            salt,
+            signer,
+            data,
+        };
+        const executeTransactionHashBuff = EIP712Utils.structHash(
+            EIP712_ZEROEX_TRANSACTION_SCHEMA,
+            executeTransactionData,
+        );
+        const txHash = EIP712Utils.createEIP712Message(executeTransactionHashBuff, this._exchangeAddress);
         const signature = signingUtils.signMessage(txHash, this._privateKey, signatureType);
         const signedTx = {
             exchangeAddress: this._exchangeAddress,
-            salt,
-            signer: `0x${this._signerBuff.toString('hex')}`,
-            data,
             signature: `0x${signature.toString('hex')}`,
+            ...executeTransactionData,
         };
         return signedTx;
     }
diff --git a/packages/contracts/test/exchange/libs.ts b/packages/contracts/test/exchange/libs.ts
index eff05981d..c08001198 100644
--- a/packages/contracts/test/exchange/libs.ts
+++ b/packages/contracts/test/exchange/libs.ts
@@ -1,5 +1,5 @@
 import { BlockchainLifecycle } from '@0xproject/dev-utils';
-import { assetProxyUtils, orderHashUtils } from '@0xproject/order-utils';
+import { assetProxyUtils, EIP712Utils, orderHashUtils } from '@0xproject/order-utils';
 import { SignedOrder } from '@0xproject/types';
 import { BigNumber } from '@0xproject/utils';
 import * as chai from 'chai';
@@ -56,13 +56,17 @@ describe('Exchange libs', () => {
         describe('getOrderSchema', () => {
             it('should output the correct order schema hash', async () => {
                 const orderSchema = await libs.getOrderSchemaHash.callAsync();
-                expect(orderHashUtils._getOrderSchemaHex()).to.be.equal(orderSchema);
+                const schemaHashBuffer = orderHashUtils._getOrderSchemaBuffer();
+                const schemaHashHex = `0x${schemaHashBuffer.toString('hex')}`;
+                expect(schemaHashHex).to.be.equal(orderSchema);
             });
         });
         describe('getDomainSeparatorSchema', () => {
             it('should output the correct domain separator schema hash', async () => {
                 const domainSeparatorSchema = await libs.getDomainSeparatorSchemaHash.callAsync();
-                expect(orderHashUtils._getDomainSeparatorSchemaHex()).to.be.equal(domainSeparatorSchema);
+                const domainSchemaBuffer = EIP712Utils._getDomainSeparatorSchemaBuffer();
+                const schemaHashHex = `0x${domainSchemaBuffer.toString('hex')}`;
+                expect(schemaHashHex).to.be.equal(domainSeparatorSchema);
             });
         });
         describe('getOrderHash', () => {